Back to top

Kaseya's fix for MSP ransomware attack fails

Kaseya's fix for MSP ransomware attack fails

Kaseya MSPs and their end customers are still waiting for a fix to the ransomware attack on the vendor's VSA management software, after an update that was going to be distributed last night failed.

The company had previously promised that systems using VSA would be given the fix from last night through to this morning.

On 6 July at 10PM US Eastern last night, Kaseya said: “During the VSA SaaS deployment, an issue was discovered that has blocked the release. Unfortunately, the VSA SaaS roll-out will not be completed in the previously communicated timeline.”

It added: “We apologise for the delay and R&D and operations are continuing to work around the clock to resolve this issue and restore service. We will be providing a status update at 8AM US EDT [that's UK 1PM GMT].”

That update came an hour after this one from 6 July at 9PM US Eastern: “Deployment has started across the VSA SaaS infrastructure. Individual SaaS servers will come online throughout the night US time. All systems will be online and accessible by 7 July 6AM US Eastern.”

The delay will be causing frustration among Kaseya's MSP software customers and the thousands of customers they distribute and manage software for.

The ransomware attack started last Friday on 2 July, and since then the cyber criminals behind it have demanded a $70m ransom in return for the encryption keys that will unlock the rogue software and allow organisations' systems to return to normal.

That ransom figure is believed to have been lowered since it was first tabled by the attackers. If one organisation paid, the keys could be shared with everyone else to allow them to unlock their systems.

Officially, US, UK and other international enforcement agencies recommend that no ransom demands are paid in response to such attacks. Meat packer JBS in Brazil paid an $11m ransom to those behind the Kaseya attack just last month, after its systems were crippled by their ransomware.

Updates from Kaseya on its remediation are appearing here: