Kaseya has said it did not pay a ransom to cyber-criminals REvil following a devastating cyber-attack on 2 July which impacted as many as 1,500 businesses worldwide.
REvil targeted Kaseya’s VSA tool, which MSPs use to help monitor their clients’ networks, to spread malware through those that used its on-premise servers.
Last week, Kaseya said it had obtained a “universal decryptor” to unlock those affected by the attack but did not say how it had been obtained, only that it had been from a third party.
But in its latest update, the company said: “Recent reports have suggested that our continued silence on whether Kaseya paid the ransom may encourage additional ransomware attacks, but nothing could be further from our goal.
“While each company must make its own decision on whether to pay the ransom, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack and we have not wavered from that commitment.
“As such, we are confirming in no uncertain terms that Kaseya did not pay a ransom – either directly or indirectly through a third party – to obtain the decryptor.”
Kaseya added that the decryptor has proven to be “100 per cent effective at decrypting files that were fully encrypted in the attack”.
The company attracted criticism following the cyber-attack, while the Dutch Institute for Vulnerability Disclosure claimed it had previously identified the vulnerabilities used in the attack to Kaseya.