Kaseya’s VSA SaaS restart fails, service restoration delayed by at least ten hours

CEO comes out swinging, says 'people make the story and make the impact of this larger than what it is'

Kaseya’s attempt to recover its SaaS services has failed, and its CEO has attempted to play down the significance of the incident, which has kept its VSA services offline since July 2nd and led to over 1,000 ransomware infections.

The biz, which makes system monitoring and management software for IT service providers, issued an update at 10PM Eastern Daylight time (EDT) on July 6th that stated:

During the VSA SaaS deployment, an issue was discovered that has blocked the release. Unfortunately, the VSA SaaS rollout will not be completed in the previously communicated timeline.

The company had previously advised that SaaS restoration had commenced, with individual SaaS servers due to come online “throughout the night US time”. “All systems will be online and accessible by July 7th 6AM US EDT,” the advice stated.

Now the company says its next update will come at 8AM US EDT. It has offered no information on likely time of restoration or the nature of the issue that has slowed the SaaS rollout. Nor has Kaseya said if its promise to patch its on-premises VSA software within 24 hours of SaaS restoration remains in force.

The delay is a further embarrassment to the company, given that CEO Fred Voccola went on the record in a video saying he expected SaaS restoration “in the coming hours”, although he added that the company is being “incredibly conservative about it”.

The CEO comes out swinging in the video, saying “even the best defences get scored on” and mentioning that other vendors, including direct rival ConnectWise, have experienced similar troubles. Voccola also offered his opinion that Kaseya’s woes mean: “All of a sudden cyber crime and ransomware has become … the topic of the day and we're caught in the middle of it and people make the story and make the impact of this larger than what it is.”

A quick reminder: this cyber-attack has seen countless businesses going without IT management tools, with impacts including shuttered supermarkets, problems with schools, an estimated 1,000-plus ransomware infections, and a demand for a $70m payment in Bitcoin by the REvil ransomware gang. It really is quite a large impact.

It appears miscreants were able to exploit a vulnerability in on-prem deployments of Kaseya's IT management suite VSA to infect systems with the REvil ransomware. Kaseya urged people to disable their VSA servers to protect themselves, and it shut down its software-as-a-service offering of VSA, too.

The CEO also observed: “Unfortunately there are bad people out there who can make a lot of money or try to make a lot of money and get paid in anonymous currencies that are very difficult if not impossible to trace by the authorities, so there’s no money trail for them to go and get these criminals.”

Also in Voccola’s video, he appears to have changed Kaseya’s guidance on the number of infected on-premises deployments, as he mentions “50 customers or so” were infected. Kaseya’s previous guidance mentioned “fewer than 40” and “fewer than 60.” The aforementioned 1,000-plus ransomware victims are the customers of those four-dozen or so Kaseya customers, infected via their VSA IT management installations.

Whenever Kaseya’s SaaS is restored, customers will have to check the network configurations they use, as one of the new security measures is a change to the IP addresses of the company’s SaaS servers.

“For almost all customers, this change will be transparent,” the 10PM advisory states. “However if, and only if, you have whitelisted your Kaseya VSA server in your firewall(s), you will need to update the IP whitelist.” The new addresses can be found here.

Voccola’s video also revealed that around 150 Kaseya staff “have probably slept a grand total of four hours in the last two days literally and that’ll continue until everything is as perfect as can be.” ®
