Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Kaseya obtains universal decryptor for REvil ransomware victims

Kaseya obtains universal decryptor for REvil ransomware victims

Kaseya received a universal decryptor that allows victims of the July 2nd REvil ransomware attack to recover their files for free.

On July 2nd, the REvil ransomware operation launched a massive attack by exploiting a zero-day vulnerability in the Kaseya VSA remote management application to encrypt approximately sixty managed service providers and an estimated 1,500 businesses.

After the attack, the threat actors demanded $70 million for a universal decryptor, $5 million for MSPs, and $40,000 for each extension encrypted on a victim’s network.

Also Read: 4 Things to Know When Installing CCTVs Legally

Revil's $70 million ransom demand
Revil’s $70 million ransom demand

Soon after, the REvil ransomware gang mysteriously disappeared, and the threat actors shut down their payment sites and infrastructure.

While most victims were not paying, the gang’s disappearance prevented companies who may have needed to purchase a decryptor unable to do so.

Today, Kaseya has stated that they received a universal decryptor for the ransomware attack from a “trusted third party” and are now distributing it to affected customers.

“We can confirm we obtained a decryptor from a trusted third party but can’t share anymore about the source,” Kaseya’s SVP Corporate Marketing Dana Liedholm told BleepingComputer.

“We had the tool validated by an additional third party and have begun releasing it to our customers affected.”

While Kaseya would not share information about the key’s source, they confirmed with BleepingComputer that it is the universal decryption key for the entire attack, allowing all MSPs and their customers to decrypt files for free.

When asked whether they paid a ransom to receive a decryptor, Kaseya told BleepingComputer that they “can’t confirm or deny that.”

Emsisoft CTO Fabian Wosar told BleepingComputer that they were the third party who validated the key and will continue to aid Kaseya in their recovery efforts. 

“We are working with Kaseya to support their customer engagement efforts. We have confirmed the key is effective at unlocking victims and will continue to provide support to Kaseya and its customers,” Wosar told BleepingComputer.

It is unclear what caused the REvil ransomware operation to shut down and go into hiding, and multiple international law enforcement agencies have told BleepingComputer that they were not involved in their disappearance.

After the attack on JBS and Kaseya, the White House’s has pressured the Russian government to do something about the ransomware gangs believed to be operating within Russia.

It is believed that the Russian government told the REvil ransomware gang to shut down and disappear to show that they were working with the USA.

As the decryptor was obtained after the REvil gang’s disappearance, it is possible that Russia received it directly from the ransomware gang and shared it with US law enforcement as a gesture of goodwill.

When we asked the FBI if they were involved in the procurement of the decryption key, we were told that they do not comment on ongoing investigations.

“The DOJ and FBI have an ongoing criminal investigation into the criminal enterprise behind the REvil/Sodinokibi ransomware variant and the actors responsible for the Kaseya ransomware attack specifically,” the FBI told BleepingComputer.

“Per DOJ policy, we cannot comment further on this ongoing investigation.”

REvil’s disappearance is likely not the end of the gang’s online activities.

In the past the GandCrab ransomware operation shut down and rebranded as REvil, and it is expected that REvil will resurface again as a new ransomware operation.

Update 7/22/21 9:42 PM EST: Added Emsisoft and FBI statements.

Also Read: 5 Most Frequently Asked Questions About Ransomware



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us