Kaseya, which saw its Virtual Systems Administrator (VSA) software compromised to launch a large scale ransomware attack against clients of its managed service provider customers, has obtained a key to decrypt victims' data.
The company said it had obtained a universal decryptor key for the REvil ransomware used in the July 4 attack from "a third party" but provided no further details as to where it came from.
Security vendor Emsisoft is working with Kaseya, and has confirmed that the decryptor key works and can unlock victims' systems.
"We have no reports of problems or issues with the decryptor," Kaseya said.
The REvil ransomware gang had earlier demanded US$70 million for the universal decryptor key, backing down from an earlier attempt at extorting US$45,000 per system from victims.
REvil claimed the attack had succeeded in encrypting over a million systems, and Kaseya chief executive Fred Voccola estimated that up to 1500 businesses were hit, although the exact number is hard to ascertain.
One grocery chain in Sweden had to close 800 shops after being struck by the REvil ransomware distributed as a malicious update to Kaseya VSA.
US authorities have condemned the mass ransomware attack with the White House offering up to US$10 million for information that thwarts or helps find the extortionists, and a range of other initiatives.
REvil has dismantled its ransomware infrastructure and appears to have shut down its operations for now.