Skip to main content

Kaseya VSA attack: large-scale ransomware attack

This blog contains information about recently published information regarding a possible attack of Kaseya VSA. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Update 13  July 2021

20:30 | A patch for Kaseya VSA is available for on-premises solutions. We strongly advice you to install this as soon as possible. Before patching it is important to first determine that the environment has not been compromised. The patch will not undo an active compromise. For more information, see the Kaseya website.

Update July y, 2021

12:00 | A detection tool has been released, which can be used on both endpoints and VSA servers. It can be downloaded here.
Work is also being done on making the SaaS services available again (which were previously taken offline), a patch for on-premise is being developed parallel to this action. This patch will be released after the SaaS service is restored. In this way, the patch can be optimally tested in the controlled SaaS environment. Timelines have shifted several times in recent days, an exact date is not yet known at the moment.

Update July 3, 2021

10:00 | A hacker group has hit about two hundred companies with a full-scale cyber-attack, which is still ongoing. This is reported by Bloomberg news agency. The companies will be hit by ransomware The attack started at Kaseya, a supplier of IT management software. The National Cyber Security Center in The Hague calls on companies to disable the product, which is used for remote management. According to the NC, the product variety when used by management parties is that ICT support at other companies. Kaseya has also decided to disable all SaaS cloud environments. The attacks exploit an unknown vulnerability in the product. The advice remains strongly to disable the VSA server, it is certain how the servers are attacked.

Are you in need of assistance during a cyber-incident? Call us 24 hours a day, 7 days a week on +31 88 27 47 800.

Update July 2, 2021

22:00 | Today, we received information about a possible attack of Kaseya VSA.

Reason and background of this blog

Currently, Kaseya is facing a potential attack on their VSA solution. Based on information shared by Kaseya, this appears to only apply to customers using the on-premises solution. Kaseya strongly advises to disable the on-premises solution IMMEDIATELY and await further information.” For more information, Tesorion recommends following official Kaseya update channels.

Potential risk

Kaseya’s systems are slowly coming back online. For more information, Tesorion recommends following official Kaseya update channels.

Detail info

For more information, Tesorion recommends following official Kaseya update channels and the Kaseya Cloud status.


Learn more about these vulnerabilities on the Kaseya support page