Service providers and their customers still await Kaseya ransomware fix


Cloud and managed service providers are still waiting for a ransomware security update from software provider Kaseya, whose customers have been struck by a hack to the management software it distributes.

The attack started at the beginning of last weekend with managed service providers and their end customers - potentially numbering thousands - facing locked systems as a result of the ransomware that was distributed with Kaseya's VSA platform system.

The company, which is headquartered in Dublin and Miami, says it plans to start distributing a potential fix from this evening from its data centres - between 5pm and 7pm US Eastern.

A SaaS fix from the data centres will first be available before an on-premise solution is sent to end-customers who are able to install it themselves.

At the weekend, in Sweden, for instance, the Coop grocery chain was unable to open following the attack, and the state railway also faced problems too.

US president Biden said he had instructed the country's secret service to find the culprits for the attack, which some security experts have blamed on the REvil ransomware gang. They carried out a ransomware attack on Brazilian meat packer JBS last month, which cost the company an $11m ransom to gets its systems back to normal.

Jamie Moles, a senior security engineer for network detection and response specialist ExtraHop, said of the attack: “This will trigger a rise in culpability for third party suppliers who don’t protect customers.

“It’s futile if businesses protect themselves from attacks but the vendors in their supply chain they depend on have little to no protection to fend off attacks.”

The Kaseya incident follows a similar attack on software vendor SolarWinds last year, which also saw the systems it distributes to managed service providers and their end customers targeted.

Updates from Kaseya on the remediation available will appear here:

UPDATE - 6 JULY  9.45AM UK GMT : NO fixes were actually distributed last night, only further updates on what remediation action is planned for today - click on the link above for the latest from the company.