Vulnerability

Kaseya VSA attack: large-scale ransomware attack

This blog covers recently published information about a possible attack on Kaseya VSA. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.


T-Update

Information about vulnerabilities


Update July 13, 2021

20:30 | A patch for Kaseya VSA is available for on-premises solutions. We strongly advise you to install it as soon as possible. Before patching, it is important to first determine that the environment has not been compromised. The patch will not undo an active compromise. For more information, see the Kaseya website.

Update July y, 2021

12:00 | A detection tool has been released, which can be used on both endpoints and VSA servers. It can be downloaded here.
Work is also under way to bring the SaaS services, which were previously taken offline, back online. A patch for on-premises installations is being developed in parallel. This patch will be released after the SaaS service is restored, so that it can first be tested thoroughly in the controlled SaaS environment. Timelines have shifted several times in recent days, and an exact date is not yet known.

Update July 3, 2021

10:00 | A hacker group has hit about two hundred companies with a full-scale cyber-attack, which is still ongoing. This is reported by Bloomberg news agency. The companies are being hit by ransomware. The attack started at Kaseya, a supplier of IT management software. The National Cyber Security Center (NCSC) in The Hague calls on companies to disable the product, which is used for remote management. According to the NCSC, the product is mostly used by management parties that provide ICT support to other companies. Kaseya has also decided to disable all SaaS cloud environments. The attacks exploit an unknown vulnerability in the product. The strong advice remains to disable the VSA server, as it is not yet certain how the servers are being attacked.

Are you in need of assistance during a cyber-incident? Call us 24 hours a day, 7 days a week on +31 88 27 47 800.

Update July 2, 2021

22:00 | Today, we received information about a possible attack of Kaseya VSA.


Background

For more information, Tesorion recommends following official Kaseya update channels and the Kaseya Cloud status.

Risk

Kaseya’s systems are slowly coming back online. For more information, Tesorion recommends following official Kaseya update channels.

Advice

For more information, Tesorion recommends following official Kaseya update channels and the Kaseya Cloud status.

Sources

Learn more about these vulnerabilities on the Kaseya support page
