A US tech firm hit by a massive ransomware attack said it had obtained a decryption tool that allows it to unlock networks for the approximately 1,500 businesses affected.
Miami-based Kaseya shut down its servers after the July 2 attack that affected businesses from pharmacies to gas stations in at least 17 countries and forced most of Sweden’s 800 Coop supermarkets to lock their doors for days.
“We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments,” Kaseya said in a statement released Thursday.
The firm did not disclose the third party used to obtain the decryptor or say whether it had paid the hackers, who demanded $70 million in bitcoin in exchange for data stolen during the attack.
“Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims,” the company added.
An increasingly lucrative form of digital hostage-taking, ransomware attacks typically see hackers encrypting victims’ data and then demanding money for restored access.
Experts believe this could be the biggest ransomware attack on record.
Russia-based hackers REvil, who released private data of companies whose computers they took over on their “Happy Blog” to pressure them to pay a ransom, are widely believed to be behind the ransomware scam.
US President Joe Biden issued warnings to his Russian counterpart Vladimir Putin about harboring cybercriminals and suggested Washington could take action in the face of growing online attacks.
REvil went offline soon after the warnings, giving rise to speculation about whether their disappearance was the result of government-led action.
While Kaseya is little known to the public, analysts say it was a ripe target as its software is used by around 40,000 businesses, allowing the hackers to paralyze many companies with a single blow.
The firm offers cybersecurity and IT services to smaller companies, allowing the hackers to invade Kaseya’s clients and affiliates.