Kaseya fully restored SaaS services for VSA customers and released a patch for local VSA customers. These fixes were introduced on July 11, 2021.
VSA, a remote monitoring and management (RMM) software platform available through SaaS and local configurations, suffered a cyber attack on the supply chain on July 2, 2021, which affected around 50 MSPs.
From there, a REvil ransomware attack hit around 800 to 1,500 companies worldwide, Kaseya CEO Fred Voccola told Reuters on July 5, 11, Voccola announced on July 7.
Meanwhile, ConnectWise on July 13th reactivates an integration with IT Glue – an MSP documentation platform owned by Kaseya. ConnectWise reactivated the connection after receiving written assurances from Mandiant that IT Glue was not affected by the VSA incident.
Among the remaining question marks:
- How many customer endpoints were encrypted in total? The hackers claimed to have hit 1 million endpoints, but the actual number remains unclear.
- How are MSPs still working to restore their local VSA servers and associated end-user systems?
- Did Kaseya and / or its MSP partners pay the REvil ransomware gang for any type of decryption key?
Here are the latest breaking details (updated regularly) by MSSP Alert.
Note – Official Statements from Kaseya: Follow this URL from Kaseya for official ongoing company updates, patch and recovery information.
Blog originally published on July 2, 2021. After that, updated regularly to reflect new developments in cyber attack investigation and VSA software platform recovery
#Kaseya #VSA #Supply #Chain #Ransomware #Attack #Recovery #Updates #ChannelE2E