The ransomware attack against Kaseya’s VSA servers for approximately 1,500 organizations was yet another major challenge for businesses to overcome, and while most of the affected companies did not give in to the hackers’ demands, others felt forced to pay the ransom. The problem, however, is that some of those who did pay the ransom are now having trouble decrypting their data, and with REvil MIA, they do not have the support needed to decrypt their data.
Since REvil, the organization responsible for the Kaseya ransomware attack, has reportedly shuttered its operations, companies who paid the ransom but cannot decrypt their data are stuck in limbo. Following comments from U.S. President Joe Biden urging Russian officials to take action against REvil, the dark web sites responsible for hosting REvil’s payment portal, public portal, and helpdesk chat, as well as the negotiations portal, have all gone offline. Whether or not this was due to government intervention is unknown, but what is known is that those who paid up to get their data encrypted have no means to receive support in the event the decryption keys do not work.
Under normal circumstances, victims of the REvil ransomware could decrypt their data by paying the ransom, and if they are having trouble using the decryption key, they could contact REvil’s helpdesk. But if the helpdesk is nowhere to be found, and the decryption key is not working properly, what can these victims do? It’s a difficult situation to be in, and yet another reason why paying the ransom for a ransomware attack is not a good idea. After all, why should you trust hackers to actually hand over the decryption key when they have already wronged you so profoundly?
It might seem like you don’t have any other options in the event of a ransomware infection, but paying up represents too great a risk. Ultimately, you are paying for the possibility of decrypting your data, not a guarantee. The last thing you want is to fund future attacks and show the world that these types of attacks work.
Instead of reacting to ransomware attacks, you can instead be proactive about it. Start by implementing powerful security features that can detect methods of ransomware infection. You can also train your employees to identify and respond to ransomware threats in an effective way. If you can do this, you will significantly decrease the odds that your business will fall victim to ransomware. Of course, keeping an up-to-date backup can be your ace in the hole if all else fails.
SRS Networks can help your organization arm itself against ransomware threats. To learn more, reach out to us at (831) 758-3636.