More details on both the limitations, security posture changes, and time frame will be in the next communique later today.” Kaseya advised: “We are in the process of formulating a staged return to service of our SaaS server farms with restricted functionality and a higher security posture (estimated in the next 24–48 hours but that is subject to change) on a geographic basis.
Meanwhile, they could well find that some of their files are encrypted and will need to recover their contents somehow. How they should actually respond to the ransomware demand is not spelled out.
It has turned off its own hosted and also SaaS VSA servers, and states emphatically that customers should turn off their own VSA servers until further notice.Ī Kaseya statement on July 4 said: “Our security, support R&D, communications, and customer teams continue to work around the clock in all geographies through the weekend to resolve the issue and restore our customers to service.”Ĭustomers who receive a ransomware demand should not click on links in the message, as the links may themselves be weaponised. Kaseya has been putting out regular updates about the attack and its ongoing response efforts.
#Kaseya agent what is update
This is known as supply chain attack, and is similar in its basic methodology to last year’s SolarWinds attack, with malware installed via an update server. Potentially thousands of MSP client businesses were infected. It affected fewer than 60 Kaseya VSA customers - but around 30 of them were MSPs, and the code was then sent on to their customers. Kaseya sends out updates to these VSA servers and, on Friday July 2, an update was distributed that contained REvil ransomware code. These SaaS VSA servers can be deployed by end-users or by MSPs. It is supplied either as a hosted cloud service by Kaseya, or via on-premises VSA servers.
#Kaseya agent what is software
VSA, the Virtual System/Server Administrator, is software used by Kaseya customers to monitor and manage their infrastructure. Due to our teams’ fast response, we believe that this has been localised to a very small number of on-premises customers only.“ More affected customers identified.Ī Kaseya statement explained: “Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Updated numbers of affected customers added. Kaseya’s VSA remote monitoring and management tool was used as an attack vector to inject ransomware into the systems of fewer than 1,500 end-customers of some 30 managed service providers (MSPs) at the start of the USA’s Independence Day weekend.