Kaseya recovers data stolen in ransomware attack with mysterious decryption tool

IT software provider, Kaseya, has announced it is providing its clients with a decryption tool to recover customer data that was locked in a ransomware attack earlier this month.

In a July 26 notice on its website, the global technology firm stated it has been assisting its customers with the restoration of their encrypted data in partnership with cybersecurity company Emsisoft.

It has been issuing a mysterious “decryptor” tool enabling customers to access data that had been locked by the malware disseminated in the July 2 attack.

“The decryption tool has proven 100% effective at decrypting files that were fully encrypted in the attack.”

The company has denied paying the $70 million in Bitcoin to the Russian hacker group, REvil — which took responsibility for the attack. Kaseya did not disclose how it came across the decryption software either, stating only that has not paid any ransom to get it.

Kaseya confirmed that, after consultation with experts, it decided not to negotiate with the criminals who perpetrated the attack, stating:

“We are confirming in no uncertain terms that Kaseya did not pay a ransom – either directly or indirectly through a third party – to obtain the decryptor.”

On July 2, the ransomware hacking group REvil brought the networks of at least 200 U.S. companies to their knees by leveraging an unpatched zero-day vulnerability in Kaseya’s IT management and automation software (VSA).

Related: Don’t blame crypto for ransomware

The news comes as ransomware is coming under increasing scrutiny from lawmakers.

According to a July 9 Cointelegraph report, Michele Korver’s appointment to the U.S. Financial Crimes Enforcement Network (FinCEN) promises to reduce illicit financial practices within the crypto space. During her previous tenure at the Department of Justice, she developed cryptocurrency seizure and forfeiture policy and legislation.

U.S. senators and politicians have come down hard on the cryptocurrency sector, largely blaming the technological phenomenon for the increase in ransomware attacks. Following the Colonial Pipeline and JBS attacks in May and June, there were calls for a crackdown on cryptocurrency in the U.S. senate after digital assets were dubbed the “ransom payment of choice” for hackers.

Meatpacker JBS paid an $11 million Bitcoin ransom to REvil, while Colonial made a $4.4 million BTC payment to Russia-linked DarkSide.