Liedholm initially declined to say whether Kaseya paid a ransom to obtain the key. But Kaseya issued a new statement Monday, confirming it did not pay.
“As such, we are confirming in no uncertain terms that Kaseya did not pay a ransom – either directly or indirectly through a third party – to obtain the decryptor,” it said in an update posted to its website.
Kaseya provides a software that allows companies to manage their computer systems, and it supplies that to managed service providers that in turn service tens of thousands of companies. The affected software spread to between 800 and 1,500 companies, Kaseya estimated. Those companies were then unable to access their files. Instead, they were prompted to pay a ransom to get a decryptor key that would return control to them. The ransom demands ranged from $45,000 for smaller companies up to $5 million for larger ones.
The ransomware attack was the latest in a string of high-profile attacks stemming mainly from organized groups of hackers based in Eastern Europe. The frequency and severity of such attacks have increased in the past two years, especially as hackers band together to make the attacks more lucrative.
Hackers made their way into Kaseya’s software by discovering a vulnerability in the company’s software and using that to get into their system. But most ransomware attacks use relatively unsophisticated methods to break into computers, such as sending phishing emails that trick employees into opening an attachment or clicking on a link that downloads malicious software, which goes on to encrypt files and bar access to the whole network.
Some experts conservatively estimate that hackers received $412 million in ransom payments just last year.
A high-profile attack against Colonial Pipeline in May caused panicked fuel-buying and long lines at gas stations. Another attack, against meat supplier JBS, temporarily shut down meat plants across the United States. The company eventually paid hackers $11 million to restore its systems.