Kaseya responds quickly to complex cyberattacks and reduces the global impact on its customers. The company works with government agencies and leading incident response teams to support affected SMEs.
Kaseya, the leading provider of IT and security management solutions for managed service providers (MSPs) and small to medium-sized businesses (SMB), was quick to respond to a ransomware attack on its VSA customers that launched over the US National Day weekend. The company's quick fix and mitigation efforts saved thousands of small and medium-sized businesses from the devastating impact on their operations and ensured their business continuity.
Ransomware attack on Kaseya VSA servers
On July 2 at around 14 p.m. EST (20 p.m. Central European Time), Kaseya was made aware of a possible attack by internal and external sources. As a precaution, Kaseya immediately switched off access to the affected software within an hour. The attack had limited impact as only about 50 out of 35.000 Kaseya customers were affected.
After a swift decision to turn off access to the software, an in-house incident response team was set up in collaboration with leading industry forensic investigators to determine the nature of the attack. Once an attack was detected, law enforcement and state cybersecurity agencies, including the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), were immediately informed and involved. Shortly after the incident, the cause of the attack was identified with assistance from the FBI and CISA.
Only 50 customers affected
Approximately 50 Kaseya customers were affected, and the company has proactively limited the damage to minimize the impact on critical infrastructure. Many of Kaseya's customers are managed service providers. They use Kaseya technology to manage the IT infrastructure for local and small businesses with fewer than 30 employees, such as: B. Dental offices, small accounting offices and local restaurants. Of the roughly 800.000 to 1.000.000 local and small businesses, only around 800 to 1.500 were affected.
"Our global teams are working around the clock to keep our customers up and running," said Fred Voccola, CEO of Kaseya. "We understand that every second that they are unable to work affects their livelihood, so we are working flat out to fix this problem."
FireEye Mandiant supports Kaseya
Kaseya works actively with various government agencies, including the FBI, CISA, the Department of Homeland Security, and the White House. FireEye Mandiant IR, a leader in computer incident response, is also working closely with Kaseya on the security incident.
"This is a collaborative effort to fix the problem and identify the responsible parties so they can be held accountable," added Voccola. “We are incredibly grateful for their help in getting our customers back online. The quick action and solution-oriented approach of CISA and the FBI, as well as the extensive support from the White House, has been of great help to us in ensuring that this attack only affects a very small number of customers. Fortunately, while every single customer affected is one too many, the impact of this sophisticated attack has been shown to be greatly overestimated, ”said Voccola.
Only VSA affected by all modules
Additionally, Kaseya IT Complete, the company's comprehensive suite of products that enable midsize businesses to efficiently manage all of their IT operations, was minimally affected by the compromise. Of the 27 modules, only one, VSA, was affected.
Kaseya agrees with the FBI and CISA assessment: “It is important to stay vigilant. We continue to advise users to follow Kaseya's recommendation to shut down VSA servers immediately, follow CISA's damage control guide, and notify IC3 if they are affected. "
More at Kaseya.com
About Kaseya
Kaseya® is the leading provider of IT and security management solutions for managed service providers (MSP) and small to medium-sized enterprises (SMEs). With its open platform and customer-centric approach, Kaseya delivers world-class technologies that companies can use to efficiently manage, secure and backup their IT. Kaseya IT Complete is the most comprehensive, integrated IT management platform made up of industry-leading solutions from Kaseya, Unitrends, RapidFire Tools, Spanning Cloud Apps, IT Glue, ID Agent, Graphus, RocketCyber and TruMethods. The platform enables companies to centrally control their entire IT, to easily manage remote and distributed environments, to simplify backups and disaster recovery, to protect themselves against cybersecurity attacks, to manage compliance and network resources effectively, and to streamline IT documentation and automate all IT management functions. Headquartered in Miami, Florida, Kaseya is privately held and represented in over 20 countries.