On the eve of the holiday weekend, Kaseya was hit with a ransomware attack. Kaseya has been posting regular updates on its website all through the weekend. If you or your managed service provider (many of which run their operations on Kaseya’s platform) were impacted by this compromise. Please check Kaseya’s website for ongoing updates at Important Notice July 5th, 2021 – Kaseya
The initial posting from Kaseya advised customers to immediately shut down their VSA servers. While Kaseya did not see indications that its SaaS (software as a service) customers had been impacted, Kaseya shut down its SaaS servers as a precaution.
For VSA customers, Kaseya has provided further resources: According to Kaseya, “a… Compromise Detection Tool is available to assess your (or your client’s) system’s status. To request the tool, send an email to: support@kaseya.com with the subject line: “Compromise Detection Tool Request” or you can download the tool from this link: VSA Detection Tools.zip | Powered by Box.
If you have not already shut down your VSA servers, information on how to do this is available here: https://www.kaseya.com/potential-attack-on-kaseya-vsa.
Kaseya has been working through the holiday weekend with its internal incident response team and its external forensic resources. Kaseya has also been working with the FBI and CISA.
If you receive a ransomware demand, DO NOT CLICK ON THE LINK. According to Kaseya, the link will deploy malware into your systems (not that the systems have been compromised yet).
Continue to check the Kaseya site as the company continues to provide updates.