A US tech firm hit by a massive ransomware attack said it had obtained a decryption tool that allows it to unlock networks for the approximately 1,500 businesses affected.

Miami-based Kaseya shut down its servers after the July 2 attack that affected businesses from pharmacies to gas stations in at least 17 countries and forced most of Sweden's 800 Coop supermarkets to lock their doors for days.

"We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments," Kaseya said in a statement released Thursday.

The firm did not disclose the third party used to obtain the decryptor or say whether it had paid the hackers, who demanded $70 million in bitcoin in exchange for data stolen during the attack.

"Kaseya is working with Emsisoft to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims," the company added.

An increasingly lucrative form of digital hostage-taking, ransomware attacks typically see hackers encrypting victims' data and then demanding money for restored access.

Experts believe this could be the biggest ransomware attack on record.

Russia-based hackers REvil, who released private data of companies whose computers they took over on their "Happy Blog" to pressure them to pay a ransom, are widely believed to be behind the ransomware scam.

US President Joe Biden issued warnings to his Russian counterpart Vladimir Putin about harboring cybercriminals and suggested Washington could take action in the face of growing online attacks.

REvil went offline soon after the warnings, giving rise to speculation about whether their disappearance was the result of government-led action.

While Kaseya is little known to the public, analysts say it was a ripe target as its software is used by around 40,000 businesses, allowing the hackers to paralyze many companies with a single blow.

The firm offers cybersecurity and IT services to smaller companies, allowing the hackers to invade Kaseya's clients and affiliates.

Related Links
Cyberwar - Internet Security News - Systems and Policy Issues

Tweet

Thanks for being here; We need your help. The SpaceDaily news network continues to grow but revenues have never been harder to maintain. With the rise of Ad Blockers, and Facebook - our traditional revenue sources via quality network advertising continues to decline. And unlike so many other news sites, we don't have a paywall - with those annoying usernames and passwords. Our news coverage takes time and effort to publish 365 days a year. If you find our news sites informative and useful then please consider becoming a regular supporter or for now make a one off contribution.
SpaceDaily Contributor $5 Billed Once credit card or paypal		SpaceDaily Monthly Supporter $5 Billed Monthly paypal only

US and allies condemn China for 'malicious' cyber activity: US official
Washington (AFP) July 19, 2021
The United States on Monday led allies in a fierce condemnation of China over allegedly "malicious" cyber activity, accusing it of criminal extortion, issuing ransom demands to private firms and threatening national security. In comments likely to further strain worsening relations between Washington and Beijing, a senior US official said that China's "irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world." The United St ... read more