Skip to main content
Need help with a cyber incident now?
Call 24/7: +31 88-2747800

Kaseya VSA attack: large-scale ransomware attack

By 13 July 2021 September 9th, 2021 CERT, SOC, Vulnerability

This blog contains information about recently published information regarding a possible attack of Kaseya VSA. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Update 13  July 2021

20:30 | A patch for Kaseya VSA is available for on-premises solutions. We strongly advice you to install this as soon as possible. Before patching it is important to first determine that the environment has not been compromised. The patch will not undo an active compromise. For more information, see the Kaseya website.

Update July y, 2021

12:00 | A detection tool has been released, which can be used on both endpoints and VSA servers. It can be downloaded here.
Work is also being done on making the SaaS services available again (which were previously taken offline), a patch for on-premise is being developed parallel to this action. This patch will be released after the SaaS service is restored. In this way, the patch can be optimally tested in the controlled SaaS environment. Timelines have shifted several times in recent days, an exact date is not yet known at the moment.

Update July 3, 2021

10:00 | A hacker group has hit about two hundred companies with a full-scale cyber-attack, which is still ongoing. This is reported by Bloomberg news agency. The companies will be hit by ransomware The attack started at Kaseya, a supplier of IT management software. The National Cyber Security Center in The Hague calls on companies to disable the product, which is used for remote management. According to the NC, the product variety when used by management parties is that ICT support at other companies. Kaseya has also decided to disable all SaaS cloud environments. The attacks exploit an unknown vulnerability in the product. The advice remains strongly to disable the VSA server, it is certain how the servers are attacked.

Are you in need of assistance during a cyber-incident? Call us 24 hours a day, 7 days a week on +31 88 27 47 800.

Update July 2, 2021

22:00 | Today, we received information about a possible attack of Kaseya VSA.

Reason and background of this blog

Currently, Kaseya is facing a potential attack on their VSA solution. Based on information shared by Kaseya, this appears to only apply to customers using the on-premises solution. Kaseya strongly advises to disable the on-premises solution IMMEDIATELY and await further information.” For more information, Tesorion recommends following official Kaseya update channels.

Potential risk

Kaseya’s systems are slowly coming back online. For more information, Tesorion recommends following official Kaseya update channels.

Detail info

For more information, Tesorion recommends following official Kaseya update channels and the Kaseya Cloud status.

Background

Learn more about these vulnerabilities on the Kaseya support page

Subscribe

Do you want to be informed in time? Sign up for our technical updates

Would you like to receive these critical vulnerabilities by e-mail from now on? Enter your e-mail address below.

Tesorion uses your personal data to send out requested information and possibly for contact by telephone and for marketing and sales purposes. You can change your preferences whenever you want. Read our privacy policy for more information.