Search
Homepage Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC NetApp Digital Newsroom WatchGuard Digital Newsroom Cisco Partner Summit Digital 2020 HPE Zone The Business Continuity Center Enterprise Tech Provider Masergy Zenith Partner Program Newsroom Hitachi Vantara Digital Newsroom IBM Newsroom Juniper Newsroom Intel Partner Connect 2021 Avaya Newsroom Experiences That Matter The IoT Integrator NetApp Data Fabric Intel Tech Provider Zone

Kaseya ‘Likely’ Got Ransomware Decryptor From REvil: Huntress CEO Kyle Hanslovan

‘Since Emsisoft is the one that got it, I think it’s probably more likely that that REvil team or a REvil affiliate leaked it,’ says Huntress CEO Kyle Hanslovan.

1   2   3   ... 7 Next

Huntress CEO Kyle Hanslovan, who played a pivotal role advocating for MSPs who were hit in the Kaseya ransomware attack, believes the decryptor key Kaseya got its hands on was leaked by a REvil team member or affiliate. Although other scenarios are possible, he said.

Kaseya said it had obtained the universal decryptor key on July 21, 19 days after the devastating REvil ransomware attack, as part of its bid to help nearly 1,500 compromised customers unlocked ransomed files and data.

At that time, Kaseya confirmed that it obtained the tool from a third party and that it was working with anti-malware software provider Emsisoft to help customers recover from the ransomware attack.

[RELATED: Huntress CEO Kyle Hanslovan - Kaseya Should Make Billing Concessions To MSPs]

CRN reached out to Kaseya but had not heard back at press time.

Earlier this week, Kaseya said it did not negotiate with cyber criminals and pay a ransom to obtain the decryptor. “While each company must make its own decision on whether to pay the ransom, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack and we have not wavered from that commitment,” Kaseya said in a prepared statement. “Recent reports have suggested that our continued silence on whether Kaseya paid the ransom may encourage additional ransomware attacks, but nothing could be further from our goal.”

CRN spoke with Hanslovan about the risks of using RMM tools going forward, what Kaseya could have done differently in the wake of the attack and why the vendor didn’t make patches when they were notified of vulnerabilities three months prior.

 
 
1   2   3   ... 7 Next

sponsored resources