IT for service providers biz Kaseya defers decision about SaaS restoration following supply chain attack

IT management software provider Kaseya has deferred an announcement about restoration of its SaaS services, after falling victim to a supply chain attack that has seen its products become a delivery mechanism for the REvil ransomware.
The update is needed because last Friday Kaseya advised users of its on-premises software to shut it down ASAP after detecting a supply chain attack on its VSA product - a tool that combines endpoint management and network monitoring.
Kaseya's main market is managed services providers - IT consultancies whose selling point is taking care of their clients' tech - so an attack on VSA is potentially a superspreader event for REvil.
On learning of the attack, Kaseya urged customers to pull the plug on their VSA servers, because the attack shuts off administrator access to the suite.
Kaseya's status update page for the incident initially stated the attack impacted "Only a very small percentage of our customers currently estimated at fewer than 40 worldwide".
According to a notice on REvil's unindexed web blog, Happy Blog: "On Friday we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor - our price is 70 000 000$ in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour. If you are interested in such a deal - contact us using victims 'readme' file instructions."
News URL
https://go.theregister.com/feed/www.theregister.com/2021/07/05/kaseya_vsa_update/