Kaseya VSA attack: large-scale ransomware attack
This blog post covers recently published information regarding a possible attack on Kaseya VSA. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

T-Update
Update 13 July 2021
20:30 | A patch for Kaseya VSA is available for on-premises solutions. We strongly advise you to install this as soon as possible. Before patching, it is important to first determine that the environment has not been compromised. The patch will not undo an active compromise. For more information, see the Kaseya website.
Update July y, 2021
12:00 | A detection tool has been released, which can be used on both endpoints and VSA servers. It can be downloaded here.
Work is also under way to make the SaaS services (which were previously taken offline) available again; a patch for on-premises installations is being developed in parallel. This patch will be released after the SaaS service is restored. In this way, the patch can be optimally tested in the controlled SaaS environment. Timelines have shifted several times in recent days; an exact date is not yet known.
Update July 3, 2021
10:00 | A hacker group has hit about two hundred companies with a full-scale cyber-attack, which is still ongoing. This is reported by Bloomberg news agency. The companies are being hit by ransomware. The attack started at Kaseya, a supplier of IT management software. The National Cyber Security Center in The Hague calls on companies to disable the product, which is used for remote management. According to the NCSC, the product is widely used by management parties that provide ICT support at other companies. Kaseya has also decided to disable all SaaS cloud environments. The attacks exploit an unknown vulnerability in the product. The strong advice remains to disable the VSA server, as it is not certain how the servers are attacked.
Are you in need of assistance during a cyber-incident? Call us 24 hours a day, 7 days a week on +31 88 27 47 800.
Update July 2, 2021
22:00 | Today, we received information about a possible attack on Kaseya VSA.
Background
For more information, Tesorion recommends following official Kaseya update channels and the Kaseya Cloud status.
Risk
Kaseya’s systems are slowly coming back online. For more information, Tesorion recommends following official Kaseya update channels.
Advice
For more information, Tesorion recommends following official Kaseya update channels and the Kaseya Cloud status.
Sources
Learn more about these vulnerabilities on the Kaseya support page