- Kaseya faced a $70 million ransom demand in Bitcoin.
- The company says only that it received the decryption key from a “trusted third party”.
Kaseya, which sells IT software to companies around the world, announced yesterday that it has “obtained a universal decryption key” that can be used to undo the effects of a July 2 ransomware attack that paralyzed its customers’ operations. The hackers had asked for $70 million in Bitcoin.
A spokesperson for Kaseya told reporters that the tool came from a “trusted third party” but declined to provide further details.
Ransomware is malicious software that locks users out of their computer networks until they pay the responsible hackers, often in Bitcoin, which can be sent without going through a bank (where recipients would be easier to trace).
JBS USA, one of America’s largest meat producers, paid $11 million in Bitcoin to the Russian cybercriminal group REvil in June so it could restart its meat factories and bring a quarter of the nation’s meat supply to grocery stores.
In May, Colonial Pipeline, which controls the flow of nearly half of the fuel along the East Coast, made a payment of $4.4 million to another Russian-linked hacker group, DarkSide. In that case, federal law enforcement officials were able to recoup a large chunk of the ransom, citing Colonial’s quick communication with the Justice Department as the reason.
All of which leads to suspicion that Kaseya may have also paid the $70 million ransom, with or without the coordination of the United States government. Last year, the Treasury Department warned companies not to pay hacker groups directly or through intermediaries, so as not to run afoul of US sanctions against recipients. House Oversight Chair Carolyn Maloney pushed that issue again this June after the Colonial Pipeline attack.
There are other explanations for how Kaseya got the decryption tool, one of which is that the US pressure on Russia is working. President Joe Biden told Russian President Vladimir Putin earlier this month that Russia would be held liable for Russia-based ransomware operations, even if they are not backed by the state, as long as the United States shares information on which Russia can act. Less than a week later, the REvil website went offline. Both countries may have worked to obtain the decryption key.
Alternatively, interested Kaseya customers may have stepped in.
Blockchain analytics firm Chainalysis estimates that, as of mid-May, hackers had received at least $81 million in ransomware payments this year alone. To address the problem, the United States has set up a ransomware task force. Its allies in the G7 have also committed resources to fight it.