The universal decryption key acquired by Kaseya was leaked online via a hacker forum, which gives researchers the privilege to conduct a careful analysis of it.
Security expert, Pancak3 told BleepingComputer that someone shared a screenshot of what they claimed was a universal REvil decryptor on a hacker forum.
According to reports, REvil ransomware victims receive either a decryptor that works for a single encrypted file extension or a universal decryptor that works for all encrypted file extensions that are used in a particular attack after payment. After careful investigation, it was found that the leaked screenshot contains only the universal decryptor key for victims of the Kaseya attack.
Remember that on July 22 Kaseya received a universal decryption key from a mysterious “trusted third party,” while at the same time requiring customers to sign a non-disclosure agreement, which is probably the reason why the key remained inaccessible until now.
It is not known why the Kaseya decryptor was published in a hacker forum.
For more information, read the original story in BleepingComputer.