Did Russia step in? Did the company receive assistance from the United States? Or did it simply pay off REvil?
Kaseya, a company that sells IT management software to businesses all over the world, announced yesterday that it had “obtained a universal decryptor key” that can be used to reverse the effects of the July 2 ransomware attack that crippled its clients’ operations. The hackers had demanded $70 million in Bitcoin in exchange for a decryptor.
A Kaseya spokesperson told reporters that the tool came from a “trusted third party” but declined to provide further details.
Ransomware is malicious software that locks users out of their computer networks until they pay the hackers responsible. Payment is usually demanded in Bitcoin, which can be transferred without going through a bank, where it would be easier to trace the recipients.
JBS USA, one of the largest meatpackers in the U.S., paid $11 million in Bitcoin to the Russia-based cybercriminal group REvil in June so that it could restart its meat plants and get one-quarter of the nation’s beef supply back into grocery stores.
Colonial Pipeline, which controls the flow of nearly half of the fuel along the East Coast, paid another Russia-linked hacking group, DarkSide, $4.4 million in May. In that case, federal law enforcement officials were able to recover a large portion of the ransom due to Colonial’s prompt communication with the Department of Justice.
All of this raises the possibility that Kaseya paid the $70 million ransom, either with or without coordination from the US government. Last year, the Treasury Department warned companies not to pay hacking groups directly or through intermediaries for fear of violating US sanctions against the recipients. House Oversight Chair Carolyn Maloney pressed that issue again this June after the Colonial Pipeline attack.
Other explanations for how Kaseya obtained the decryption tool exist, one of which is that US pressure on Russia is working. President Joe Biden told Russian President Vladimir Putin earlier this month that Russia would be held accountable for ransomware operations based in Russia, even if they were not state-sponsored, if the US shared information on which Russia could act. REvil’s website went offline less than a week later. Either country could have worked hard to obtain the decryption key.
Alternatively, Kaseya customers who were affected may have contributed.
According to Chainalysis, as of mid-May, hackers had received at least $81 million in ransomware payments this year alone. To deal with the problem, the United States has formed a Ransomware Task Force, and its G7 allies have also committed resources to combating it.