Kaseya: No Ransom Paid, No Negotiating with 'Criminals'

Kaseya consulted with experts before deciding not to pay a ransom.

Edward Gately, Senior News Editor

July 27, 2021

2 Min Read
No Ransom
Shutterstock

Kaseya has confirmed it didn’t pay a ransom to the REvil ransomware gang that attacked the company and its customers on July 2.

Liedholm-Dana_Kaseya-1.jpg

Kaseya’s Dana Liedholm

Last week, Kaseya acquired a universal decryptor, said Dana Liedholm, the company’s senior vice president of corporate marketing. Victims of the attack can unlock encrypted files for free. The attack took place right before the July 4th holiday weekend.

Liedholm said Kaseya received the universal decryptor from a “trusted third party.”

In its latest update, Kaseya said its incident response team and Emsisoft partners continued their work this past weekend assisting customers and others with restoration of their encrypted data.

“We continue to provide the decryptor to customers that request it,” it said. “And we encourage all our customers whose data may have been encrypted during the attack to reach out to your contacts at Kaseya.”

The tool decrypts all files fully encrypted in the attack.

No Negotiating with Criminals

The Kaseya VSA attack impacted nearly 50 customers. That includes 35 MSPs. About 1,500 of their customers also suffered.

The attackers breached Kaseya VSA, its remote monitoring and management (RMM) service. All of the MSPs were using the VSA on-premises product.

“Recent reports have suggested that our continued silence on whether Kaseya paid the ransom may encourage additional ransomware attacks, but nothing could be further from our goal,” the company said. “While each company must make its own decision on whether to pay the ransom, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack and we have not wavered from that commitment. As such, we are confirming in no uncertain terms that Kaseya did not pay a ransom – either directly or indirectly through a third party – to obtain the decryptor.”

The REvil ransomware gang mysteriously disappeared in the weeks following the Kaseya attack.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:

MSPs

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like