Decryptor for Ransomware at Kaseya Customers Appears on the Web

The decryptor for the Kaseya ransomware has been leaked on a hacking forum. The key does not work for all REvil victims, but it is a general decryptor for the victims of the attack on Kaseya.

The key was first discovered by a security researcher who posted a screenshot of a hacker forum. In it, a new user claims to have a key for the REvil ransomware. Bleeping Computer has since tested the key on samples of the REvil ransomware distributed through Kaseya last month, and confirms that the key works for those samples. In July, managed service provider Kaseya was attacked by a ransomware gang, which misused Kaseya's software to send ransomware to the company's customers.

The key found only works for victims of that specific attack, not for all REvil victims. REvil is one of the most notorious ransomware gangs and has hit thousands of other victims besides Kaseya. REvil disappeared last month after the gang’s websites went offline. It is not known what happened to the criminals.

It is also unknown how the REvil key ended up on the internet. A decryptor was already available, which Kaseya had received from ‘an unknown party’. Kaseya teamed up with security firm Emsisoft to help ransomware victims for free. Victims had to sign a non-disclosure agreement for this.