How to Fix REvil Ransomware: Kaseya Releases Universal Decryptor

Kaseya application for managed IT software

If you’ve been following recent cybersecurity news, then you’re likely already aware of the $70 million ransomware attack on Kaseya. Notorious hacker group REvil set the pricey ultimatum after successfully infiltrating Kaseya’s servers earlier this month. They managed to infect a software update file intended for Kaseya’s clients, crippling countless machines in a worldwide attack.

Matters were made worse when opportunistic cybercriminals launched an email phishing campaign targeting Kaseya’s victims. Those who opened the email attachment had a remote control software application installed on their machines.

However, there’s a glimmer of hope for those affected. Kaseya has now offered a universal decryptor to resolve the ransomware problem once and for all.

Kaseya Ransomware Fix

Kaseya has been providing regular updates on the issues caused by REvil’s attack. It impacted as many as 1,500 networks across the globe, due to Kaseya’s large client base. Now, several weeks following the ransomware attack, Kaseya has released a statement. According to the update, you can now download a decryptor that will unlock systems being held for ransom by the malicious software.

“On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we’re working to remediate customers impacted by the incident. Kaseya obtained the tool from a third-party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor.” – statement by Kaseya.

So, where did this decryptor come from? There’s no evidence to suggest that Kaseya decided to pay the ransom to REvil, a figure set at $70 million before being lowered to $50 million. In fact, several tech blogs have pointed to evidence that REvil could’ve disappeared into the woodwork.

Many of REvil’s websites on the darknet have gone offline, and it’s not clear as to why. Perhaps the authorities have finally caught up to the cybercrime group, or perhaps there’s another reason. One thing we know for sure is that it’s not unheard of for companies to pay up.

Do Companies Pay Ransomware?

While we always advise ignoring scams and avoiding malicious websites that want your payment information, unfortunately, sometimes crime does pay. According to a Kaspersky report, the exact numbers are actually quite shocking. More than 50% of ransomware victims pay the demands. However, as you might expect, it doesn’t end there. Only about half of these victims get their computers and data back the way that it was.

One thing’s for sure. If you receive an email containing an attachment, don’t open it unless you’re sure that you know the sender. But as this month’s events have shown us, even then, you could still fall victim to cybercrime. For more information on ransomware, check out this article.

Cybersecurity journalist
Chris is a tech journalist with many years' experience covering the latest news in online privacy and cybersecurity. He's also a published author and works as a Product Manager for some of the most innovative software development companies.