Kaseya says he didn’t pay for ransomware decryptor

Kaseya did not pay for the decryptor for the REvil ransomware distributed through the company. The company still doesn’t say how it got the decryptor, but denies that it paid for it.

The company writes this in an update on the recent ransomware attack. Hundreds of businesses worldwide were affected by the REvil ransomware, which was distributed through the msp software offered by Kaseya. Earlier this month, Kaseya received a decryptor from an unknown party that would allow customers to decrypt their systems affected by the ransomware. At the time, the company did not say how it got that tool.

Due to Kaseya’s silence on the subject, many people believed that the company paid for the decryptor. “We’ve learned that our silence around paying the ransom could potentially trigger new ransomware attacks,” Kaseya said. “That’s not our goal.” The company says it has spoken to experts about paying the ransom, but after those talks decided not to negotiate with the hackers. “That’s why we say in no uncertain terms that Kaseya did not pay the ransom,” the company said. It adds that this has not happened directly or indirectly through, for example, a third party.

It remains unclear how Kaseya got the decryptor. The attack was unique in that the criminals behind REvil did not demand a ransom from each company individually, but one price for a common decryptor. The decryptor that Kaseya now has is “100 percent effective” according to the company. Kaseya gives the decryptor to customers, but does not make it publicly available.