Kaseya, the Miami-based company at the center of a ransomware attack on hundreds of businesses over the July 4 holiday weekend, said Thursday it had obtained a key that would help customers unlock their data and regain network access.
The mystery is how the company got the key. Kaseya said only that it had received the key from a “third party” on Wednesday and that it was “effective in unlocking victims.”
The development is the latest mystery surrounding the Kaseya attack, which has been attributed to the Russia-based ransomware group REvil, short for Ransomware Evil. The group breached Kaseya and used it to extort hundreds of Kaseya customers, including grocery and pharmacy chains in Sweden and two towns in Maryland, Leonardtown and North Beach.
The attack sparked emergency meetings at the White House and prompted President Biden to call Russian President Vladimir Putin and demand a response to the ransomware attack that erupted from within his borders.
Within days of the call, REvil went dark. Gone was REvil’s “Happy Blog”, where it published stolen emails and files from its ransomware victims. Gone was its payment platform. Its most notorious members suddenly disappeared from cybercrime forums.
It is not clear whether REvil went dark on its own or at the behest of the Kremlin, or whether the Pentagon’s hackers at Cyber Command played a role. But it was a loss for the victims of the Kaseya attack, who were in the process of negotiating to get their data back when their extortionists suddenly disappeared.
Kaseya’s announcement that it has obtained the key is a welcome turn. Often when ransomware groups turn over decryption tools to victims who meet their extortion demands, the tools are slow or ineffective. But in this case, Brett Callow, a threat researcher at Emsisoft, a security company that is working with Kaseya, confirmed that the decryptor is “effective.”
Jose Maria Leon Cabrera and Julie Turkewitz contributed reporting.