Reports have emerged that Kaseya has obtained a master decryptor key to mitigate the effects of a REvil ransomware attack that disrupted and locked up the systems of at least 60 of its customers. It is unclear if the ransom demand was paid to access the decryption key. Kaseya stated that it plans to work with customers affected by the ransomware attacks to unlock their files. The attacks exploited two zero-day vulnerabilities in the Kaseya Virtual System/Server Administrator that have since been patched. The attack affected victims across 22 different countries, all of which were operating the on-premise version of the platform. Many of the victims were managed service providers who used the tool to manage networks of other businesses.

The VSA software that was targeted in the ransomware attack is used by Kaseya customers to remotely monitor and manage software and network infrastructure. According to reports, the REvil gang demanded that Kaseya pay $70 million in ransom for access to a universal public decryption key that would remediate the effects of the attack for all impacted victims. Kaseya has allegedly already begun the process of actively helping customers impacted by the ransomware to restore their environments, and no issues with the decryptor have been reported. The event follows REvil’s disappearance as a criminal organization on July 13 when all of its sites vanished and its representatives left prominent underground forums.