Kaseya: No Ransom Paid, No Negotiating with 'Criminals'

Kaseya has confirmed it didn’t pay a ransom to the REvil ransomware gang that attacked the company and its customers on July 2.

Kaseya’s Dana Liedholm

Last week, Kaseya acquired a universal decryptor, said Dana Liedholm, the company’s senior vice president of corporate marketing. Victims of the attack can unlock encrypted files for free. The attack took place right before the July 4th holiday weekend.

Liedholm said Kaseya received the universal decryptor from a “trusted third party.”

In its latest update, Kaseya said its incident response team and Emsisoft partners continued their work this past weekend assisting customers and others with restoration of their encrypted data.

“We continue to provide the decryptor to customers that request it,” it said. “And we encourage all our customers whose data may have been encrypted during the attack to reach out to your contacts at Kaseya.”

The tool decrypts all files fully encrypted in the attack.

No Negotiating with Criminals

The Kaseya VSA attack impacted nearly 50 customers. That includes 35 MSPs. About 1,500 of their customers also suffered.

The attackers breached Kaseya VSA, its remote monitoring and management (RMM) service. All of the MSPs were using the VSA on-premises product.

“Recent reports have suggested that our continued silence on whether Kaseya paid the ransom may encourage additional ransomware attacks, but nothing could be further from our goal,” the company said. “While each company must make its own decision on whether to pay the ransom, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack and we have not wavered from that commitment. As such, we are confirming in no uncertain terms that Kaseya did not pay a ransom – either directly or indirectly through a third party – to obtain the decryptor.”

The REvil ransomware gang mysteriously disappeared in the weeks following the Kaseya attack.