Kaseya is currently helping to restore the systems of customers whose networks were still locked down by REvil’s software, it said.
“I can confirm we have received a decryptor and are currently working to assist the customers impacted by the attack,” said Kaseya spokesperson Dana Liedholm. “We can’t share the source but can say it’s from a trusted third party.”
Liedholm declined to answer further questions about whether the decryptor key had been reverse-engineered from the REvil malware.
Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, said his firm had verified the effectiveness of the key at restoring victim data.
“We are working with Kaseya to support their customer engagement efforts. We have confirmed the key is effective at unlocking victims and will continue to provide support to Kaseya and its customers,” Callow told CNN.
It is still unclear how the attackers managed to gain access to Kaseya’s product.