[BreachExchange] Kaseya Ransomware Attack Further Delays VSA Relaunch for Customers

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Fri Jul 9 10:37:15 EDT 2021


https://www.channelfutures.com/security/kaseya-ransomware-attack-further-delays-vsa-relaunch-for-customers

Last weekend’s Kaseya VSA supply chain ransomware attack means customers
won’t have access to the company’s remote monitoring and management (RMM)
service until Sunday.

The Kaseya ransomware attack breached about 50 customers, including 35
MSPs. It also penetrated or directly impacted up to 1,500 downstream
businesses.

In his latest briefing, Fred Voccola, Kaseya’s CEO, said VSA, both
on-premises and SaaS, should be back up at 4 p.m. ET on Sunday. Both were
previously expected to be back up this week.

“That’s a long time to be down,” he said. “I understand this. It’s my
decision to do this. It was my decision and no one else’s decision to pull
the release from yesterday that we had committed.”

Kaseya Ransomware Attack Prompts Additional Layers of Protection

All of the VSA vulnerabilities exploited during the Kaseya ransomware
attack are locked, Voccola said. However, it was suggested that additional
layers of protection should be added “for things we might not be able to
foresee.”

“We decided to pull it for an additional three-and-a-half days to make sure
that it is hardened as much as we feel we can do for our customers,” he
said. “The fact that we had to take down VSA is very disappointing to me
very personally. I feel like I let this community down. I let my company
down. Our company let you down. It sucks and I don’t want anyone to think
that we are not taking this as seriously professionally as anything we’ve
all had to do.”

Kaseya has also published a runbook of the changes to make so on-premises
VSA users have a head start and can prepare for the patch, Voccola said.

“We love our customers,” he said. “It pisses me off when we do things to
hurt them, especially when it’s something like this where we’ve fallen
victim to criminal acts and it’s impacting everyone.”

Financial Assistance for Attacked MSPs

In addition, Kaseya is rolling out a program closely modeled after Kaseya
CARES. That program launched during the pandemic to provide financial and
other assistance to MSPs.

“We will be providing direct financial assistance to MSPs who have been
crippled by these evil people and the new adversaries that we face,”
Voccola said. “We will also be spending millions of dollars working with
third-party consulting companies [and] our own professional services team,
providing licenses, delays of payment and other means to address every one
of you who have been down for the past several days and for the next
several days.”

Throwing money at problems does not always solve them, he said.

“We get it,” Voccola said. “It’s better than not throwing money at them,
but it doesn’t solve them. We’re doing what we can do. I assure you no one
at Kaseya wanted this to happen. None of you wanted this to happen.”

The FBI, the Department of Homeland Security (DHS) and third-party
consultants have been working with Kaseya and advising it on what it needs
to do to bring back VSA successfully.

“I want to thank everyone for their patience,” Voccola said. “I’ve spoken
to well over 100 of you folks. I wish I could speak to all of you. We’ll be
back. Our products will be up in a couple of days, and it will be
exponentially more secure than it was. And we’ll continue to invest in the
time and people to help make sure that you, our customers, are successful.”