Vulnerabilities and Threats (Corvus Alerts)
      Back to home
      1. Knowledge Nest
      2. Cybersecurity Tips + Vulnerability Alerts
      3. Vulnerabilities and Threats (Corvus Alerts)

      Kaseya VSA Alert | July 2021

      On July 2, 2021, the REvil ransomware group attacked software provider Kaseya, creating downstream risk for customers of the company

      Last updated July 9, 2021

      Background

      As many Americans eased into the July 4th holiday weekend, the REvil ransomware group had different plans. At approximately 2 PM ET on July 2nd, Kaseya publicly notified their user base that a potential attack against the Kaseya VSA software was underway impacting a subset of their customers. Kaseya VSA software allows for organizations to remotely manage and monitor endpoints as well as monitoring the network. This functionality allows for easier management of devices across an organization, which is why many Managed Service Providers (MSPs) leverage it as the tool of choice to help manage and monitor their client environments.

      [DIAGRAM] Important Notice Regarding VSA Server Attack

      Figure 1: Notice on Kaseya’s website on July 2, 2021

      While current information suggests that a smaller subset of Kaseya MSP customers were impacted, the “one to many” style attack will result in a larger downstream impact that will include a larger number of organizations who are consumers of MSPs that were impacted.

      See our blog post for more updated context around this event. 

      Next steps 

      Remediation of the on-premise Kaseya VSA servers only applies if you manage a VSA server in your environment. This will be most relevant for MSPs and less so to customers of MSPs. 

      If you are a customer of an MSP, take the following steps:

      1. Confirm with your MSP whether they use an on-premise Kaseya VSA solution.
      2. If your MSP uses an on-premise Kaseya VSA server, forward them this link and ensure they have followed the action items listed below.

      If you are an IT MSP, take the following step:

      1. Leverage Kaseya’s readiness checklist and hardening guidelines prior to installing the on-premise Kaseya VSA patch, which is expected to be released July 12, 2021. 

      This attack highlights the growing need for a strong and robust software development life cycle (SDLC) and managing risk that third party applications can introduce to your environment. Corvus will continue to monitor the situation and be available for organizations who have questions or need assistance in responding to this latest attack.