We use cookies to provide some features and experiences in QOSHE

More information  .  Close
Aa Aa Aa
- A +

Someone Came to Rescue These Ransomware Victims—but Who?

1 3 0

Victims of Russian hackers’ latest ransomware onslaught may soon feel some relief. Kaseya, the IT management software company that Russian hackers popped earlier this month, says it’s obtained a tool that will help victims recover from the attack and unlock their files.

The development is bound to be welcome news for victims of the attack, which is believed to be one of the largest publicly-known ransomware incidents, with thousands of victims around the world. It’s hit schools in New Zealand and forced a Swedish grocery store chain to shut down, among other businesses.

But the whodunnit—or rather, who saved the day—mystery is only just beginning.

Kaseya spokesperson Dana Liedholm in a phone call Tuesday first declined to comment on the source of the tool, only noting that it came from a trusted third party it could not identify due to a confidentiality agreement.

A threat analyst at security firm Emsisoft, Brett Callow, confirmed to The Daily Beast the decryption tool Kaseya had obtained works and should be helpful to victims moving forward.

But new details about the origins of the tool began to percolate Friday. And they could provide clues about whether the U.S. government intervened with the hackers behind the ransomware attack or whether Kaseya paid the ransom.

Kaseya confirmed to The Daily Beast Friday that Emsisoft created the tool, but noted that while “it was created by Emsisoft,” it “is based on the original version we received from the trusted third party,” which Kaseya did not identify.

Emsisoft’s Callow declined to comment on the specifics of the case, but noted that “generally speaking, we have the ability to extract keys from threat actors’ decryptors and put them into our own which are considerably faster and safer.” Charles Carmakal, a senior vice president........

© The Daily Beast

Get it on Google Play