{"id":19412,"date":"2021-07-23T13:24:51","date_gmt":"2021-07-23T17:24:51","guid":{"rendered":"http:\/\/worldjusticenews.com\/news\/?p=19412"},"modified":"2021-07-23T13:24:51","modified_gmt":"2021-07-23T17:24:51","slug":"ransomware-key-obtained-to-unlock-customer-data-from-revil-attack","status":"publish","type":"post","link":"https:\/\/worldjusticenews.com\/news\/2021\/07\/23\/ransomware-key-obtained-to-unlock-customer-data-from-revil-attack\/","title":{"rendered":"Ransomware key obtained to unlock customer data from REvil attack"},"content":{"rendered":"
\n
\n

A computer key that can unlock the files of hundreds of companies which were hacked in a large-scale cyber-attack has been obtained.<\/b><\/p>\n<\/div>\n<\/div>\n

\n
\n

US IT firm Kaseya – which was the first to be targeted earlier this month – said it got the key from a \u201ctrusted third party\u201d.<\/p>\n<\/div>\n<\/div>\n

\n
\n

Ransomware is malicious software that steals computer data and scrambles it so the victim cannot gain access.<\/p>\n<\/div>\n<\/div>\n

\n
\n

The hackers then ask for payment in return for releasing the files.<\/p>\n<\/div>\n<\/div>\n

\n
\n

Kaseya\u2019s decryptor key will allow customers to retrieve missing files, without paying the ransom.<\/p>\n

\n
\n

The company\u2019s spokeswoman Dana Liedholm declined to answer whether Kaseya had paid for access to the key.<\/p>\n<\/div>\n<\/div>\n

\n
\n

She told tech blog\u00a0Bleeping Computer<\/a>\u00a0that the firm was actively helping customers restore their files.<\/p>\n<\/div>\n<\/div>\n

\n
\n

The “supply chain” attack initially targeted Kaseya, before spreading through corporate networks which use its software.<\/p>\n<\/div>\n<\/div>\n

\n
\n

Kaseya estimated that between 800 and 1,500 businesses were affected, including\u00a0500 Swedish Coop supermarkets<\/a>\u00a0and\u00a011 schools in New Zealand.<\/a><\/p>\n<\/div>\n<\/div>\n

\n
\n

After the attack at the beginning of July, criminal ransomware gang REvil demanded $70m worth of Bitcoin in return for a key that would unlock the stolen files.<\/p>\n<\/div>\n<\/div>\n

\n
\n

But members of the group\u00a0disappeared from the internet<\/a>\u00a0in the days following the incident, leaving companies with no way of retrieving the data until now.<\/p>\n

\n
\n
\"Analysis<\/span><\/div>\n<\/figure>\n<\/div>\n
\n
\n

Who is the mystery gifter?<\/p>\n<\/div>\n<\/div>\n

\n
\n

That\u2019s the big question in the cyber-security world at the moment.<\/p>\n<\/div>\n<\/div>\n

\n
\n

But really it is irrelevant for two reasons.<\/p>\n<\/div>\n<\/div>\n

\n
\n

Firstly, giving away the key now is far too late for most of the victims of this massive ransomware attack.<\/p>\n<\/div>\n<\/div>\n

\n
\n

The most desperate companies would have paid the gang already to get their operations back online, and others would hopefully be on their way to recovering by now without the help of the criminals.<\/p>\n<\/div>\n<\/div>\n

\n
\n

Secondly, the mystery gifter was most probably linked to – or working with – the criminals directly.<\/p>\n<\/div>\n<\/div>\n

\n
\n

It seems improbable that a well-run and experienced cyber-crime group like REvil would have accidentally leaked its most prized possession, or had it taken by some sort of secret law enforcement operation.<\/p>\n<\/div>\n<\/div>\n

\n
\n

I\u2019m told by a hacker who claims to be a part of the inner circle that it was “a trusted partner” who gave the key away on behalf of the group\u2019s leader, who calls himself Unknown.<\/p>\n<\/div>\n<\/div>\n

\n
\n

My contact says it\u2019s all part of “a new beginning”.<\/p>\n<\/div>\n<\/div>\n

\n
\n

So while some are calling this the end of the REvil group, it could well be the start of something else.<\/p>\n

Source: bbc.co.uk<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

A computer key that can unlock the files of hundreds of companies which were hacked in a large-scale cyber-attack has been obtained. US IT firm Kaseya – which was the first to be targeted earlier […]<\/a><\/div>\n","protected":false},"author":1,"featured_media":1952,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pmpro_default_level":"","footnotes":""},"categories":[109,2,3],"tags":[5056,7120,2936,6270,6895],"class_list":{"0":"post-19412","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-headline","8":"category-news","9":"category-usa","10":"tag-cyber-attack","11":"tag-cyber-security","12":"tag-hacking","13":"tag-ransomware","14":"tag-revil","15":"pmpro-has-access"},"_links":{"self":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/19412","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/comments?post=19412"}],"version-history":[{"count":2,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/19412\/revisions"}],"predecessor-version":[{"id":19414,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/19412\/revisions\/19414"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/media\/1952"}],"wp:attachment":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/media?parent=19412"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/categories?post=19412"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/tags?post=19412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}