The REvil ransomware gang’s tentacles shot out yet again last week, with its servers back online, a fresh victim listed on its site, ransomware payments back up and flowing, and an explanation of why it took a two-month hiatus. A purported REvil representative also addressed a slew of questions, including:

Q: How did Kaseya, an IT solutions developer for managed service providers (MSPs), get its hands on a universal decryptor key that was leaked online after REvil launched one of the biggest ransomware sprees in history against it and 60 of its MSP clients on July 2?

_A: The short answer: A REvil coder screwed up._

As Flashpoint has reported, REvil posted twice on the Exploit underground forum on Friday, Sept. 10, to clarify what happened during that Kaseya-related key generation process and how a coder fat-fingered the generation and leaking of the universal key. Flashpoint provided this lightly edited translation:

“One of our coders misclicked and generated a universal key, and issued the universal decryptor key along with a bunch of keys for one machine. That’s how we sh*t ourselves.”

REvil’s alleged new rep, operating under the alias “REvil,” explained that the criminal organization’s encryption process allows for generation of either a universal decryptor key or individual keys for each of a victim’s encrypted machines. In the process of generating the keys for Kaseya and its victimized MSPs, REvil had to generate between 20 and 500 decryption…
REvil’s Back; Coder Fat-Fingered Away Its Decryptor Key (govanguard, 2021-09-13 14:59:00)