The Dangers of the Kaseya Ransomware Are Nearing Their End

About three weeks ago, an attack against a well-known IT company called Kaseya turned into a devastating outbreak, with the seizure of about 1,500 corporate computers, including Sweden’s largest chain. Last week, the well-known group behind the attack went missing online, leaving victims with no way to pay and release their machines. But now things seem to be about to end, thanks to Thursday’s sudden appearance of a decryption tool.
The July 2 attack was as bad as it gets. Kaseya provides IT management software that is popular among so-called managed service providers (MSPs), which are companies that provide IT infrastructure to companies that cannot do it on their own. By exploiting a flaw in the MSP software, called Virtual System Administrator, the REvil ransomware group harmed not only those MSPs but also their customers, which multiplied the destruction.
In the weeks that followed, the victims had two choices: pay a ransom to restore their machines or rebuild what was lost from backups. For most businesses, REvil set a ransom of about $45,000. It attempted to extort MSPs for about $5 million. It also initially set a global decryptor price of $70 million. The group later dropped that to $50 million before vanishing, perhaps in an effort to lie low at a time of crisis. When the group went missing, the way to pay it went too. Victims were left stranded, unable to pay even if they wanted to.
Kaseya spokesperson Dana Liedholm confirmed to WIRED that the company had acquired the global decryptor from “a third party,” but did not say who would pay. “We have a team working with our affected customers, and we will share more information on how to make this tool public,” Liedholm said in a statement, adding that distribution to victims has already begun, with the help of antivirus company Emsisoft.
“We are working with Kaseya to support their client trials,” said Brett Callow, an Emsisoft researcher. “We have confirmed that the key is instrumental in opening up to those affected and we will continue to support Kaseya and its clients.”
The security company Mandiant has been working with Kaseya on a major overhaul, but a Mandiant spokesperson referred WIRED back to Liedholm when asked for more detail on who provided the secret key and how many people still needed it.
A tool able to release any affected machine is good news. But the number of victims left to help at this point could be a small fraction of the initial wave. Jake Williams, CTO of security company BreachQuest, which has a number of customers affected by the REvil campaign, says: “The switch machines may be useful for some customers, but they may be too late.” That is because anyone who could retrieve their data, through fees, payments, or the like, would probably have done so by now. “The most effective cases are the ones that have specialized knowledge about the secret machines that can’t be reproduced in any way,” Williams says. “In that case, we recommend that their wallets promptly pay for confidential keys if such information is necessary.”
Most of the victims of REvil were small and medium-sized businesses; as MSP clients, they are the types that prefer to outsource their IT, which means they may be less likely to have reliable backups readily available. However, there are other ways to rebuild data, even if it means asking customers and vendors to submit everything they have and starting over. “It’s unlikely that everyone had the prospect of searching,” Williams says.