As the Kaseya REvil ransomware saga continues, a report from CNN sheds some new light on the chaotic situation. According to several cybersecurity experts working with businesses and companies affected by the cyber attack, Kaseya is making its customers sign non-disclosure agreements before it hands over the decryption key it got its hands on last week.
This apparently isn’t an uncommon practice in the tech world, but it does make it harder to unpack exactly what happened when looking back on the event and its aftermath.
Kaseya’s keeping quiet
In addition to organisations signing NDAs, many of Kaseya’s customers are unhappy with the IT solution company’s delayed acquisition and delivery of the decryption key, which came weeks after the initial attack.
Many customers worked alongside other IT providers and cybersecurity firms to restore their encrypted systems and data, with many putting in thousands of hours worth of recovery time.
Other companies have also, in addition to countless hours, poured thousands monetarily into restoring their own and their customers data. They’ve also chosen to take the financial hit themselves rather than burden their customers with it. As well they should.
According to CNN, the time between Kaseya acquiring the decryption key (how it obtained it is still unknown) and announcing the acquisition to its customers was 24 hours. For many, even a few extra days’ notice might have been enough of a difference to some of the difficult decisions those affected had to make regarding recovery. For others, having already managed to painstakingly restore most systems and data without Kaseya’s assistance made the decryption key almost pointless.
REvil’s ransomware attack on Kaseya had particularly far reaching effects, more so than in some of its previous endeavours. This is because the IT Kaseya provides reaches into hundreds of businesses, which in turn affects thousands of individuals. Cyber attacks have been on the rise recently, and this latest attack is the most widely spread and damaging one yet.