The REvil ransomware gang’s tentacles shot out yet again last week, with the gang’s servers back online, a fresh victim listed on its site, ransomware payments back up and flowing, and an explanation of why it took a two-month hiatus. A purported REvil representative also addressed a slew of questions, including:

Q: How did Kaseya, an IT solutions developer for managed service providers (MSPs), get its hands on a universal decryptor key that was leaked online after REvil launched one of the biggest ransomware sprees in history against it and 60 of its MSP clients on July 2?

A: The short answer: A REvil coder screwed up.

As Flashpoint has reported, REvil posted twice on the Exploit underground forum on Friday, Sept. 10, to clarify what happened during the Kaseya-related key generation process and how a coder fat-fingered the generation and leaking of the universal key. Flashpoint provided this lightly edited translation:

“One of our coders misclicked and generated a universal key, and issued the universal decryptor key along with a bunch of keys for one machine. That’s how we sh*t ourselves.”

REvil’s alleged new rep, operating under the alias “REvil,” explained that the criminal organization’s encryption process allows for generation of either a universal decryptor key or individual keys for each of a victim’s encrypted machines. In the process of generating the keys for Kaseya and its victimized MSPs, REvil had to generate between 20 and 500 decryption…