Kaseya: Fewer than 1500 companies infected with ransomware in attack


The global ransomware attack via Kaseya's software has now affected less than 1,500 companies, Kaseya said in an update on the incident. According to the software company, the attackers have struck at less than 60 managed service providers (MSPs). Subsequently, the systems of fifteen hundred customers of these MSPs were infected with ransomware.


The attackers behind the attack exploited a vulnerability in Kaseya VSA, software that allows managed service providers to manage their customers' systems remotely. Kaseya has developed a security update for this vulnerability which is now being tested. Today, Kaseya is first bringing its own SaaS servers online. Then the plan is that the security update will be available within 24 hours after this.


Kaseya has consulted with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security about additional security measures for both the SaaS service and the VSA servers that MSPs manage themselves. A collection of security measures will be published before restarting the services.


A new version of the detection tool has also been released that allows managed service providers to check whether their VSA servers have been compromised. About two thousand MSPs have now downloaded the tool, according to the software company. Furthermore, the previously given advice that managed service providers should keep their VSA servers offline. Kaseya will let you know when it is safe to start the systems. A patch will be required for the restart of VSA servers.

Previous Post Next Post