Is Your IT Company Running Kaseya VSA?
Kaseya VSA is a platform designed to manage and handle many common IT incidents, including automating software deployment, patch management, and routine maintenance. It also automates managing antivirus and anti-malware deployment in an effort to protect your business’s vital data. This tool is integrated into company networks across the United States.
Recently, it suffered a ransomware attack. A statement issued by Kaseya states that it has been investigating an attack on the widely-used tool to determine how the attack occurred. Kaseya was forced to shut down its infrastructure as a result of the cyberattack, and as more than 200 businesses reported attacks through the VSA tool, it encouraged its customers to turn off their servers immediately in order to prevent potential damage.
Kaseya, which is plugged into both small companies and large enterprises, is a common tool for software deployment and management–and many IT teams are already using it.
Is your IT company running Kaseya VSA?
What Should You Do Next?
Contact your IT company or IT provider immediately to learn more about whether your company runs Kaseya VSA as part of its management of your systems and what you should do next. In most cases, you will need to shut your systems down immediately. Less than .1% of the company’s customers, according to Kaseya CEO Fred Voccola, ended up involved in the breach. However, as many as 800 to 1500 small to medium-sized companies may have seen a ransomware compromise.
As of yet, no one is sure how far the breach will extend or how many companies have been impacted.
Out of an abundance of caution, Kaseya urged its clients to shut down their VSA servers immediately. Customers who may have been impacted were immediately notified of the breach, which occurred on July 2, via email, phone, and online notices. The vendor also shut down its SaaS servers and pulled its data centers offline in an effort to reduce potential damage while managing the damage from the ransomware attack.
By July 5, Kaseya had developed a fix to the cyberattack challenge and launched testing and validation checks. If your organization is running Kaseya VSA, here’s what you should do next.
1. Make sure your IT company is up-to-date on the latest progress.
With a fix already in the works, it won’t be long before you can install a patch that will allow you to get your business up and running again securely. However, it’s important to be patient throughout that process. Kaseya has indicated that it plans to deploy the patch to its SaaS clients first, since the company can control all elements of that environment and ensure that everything goes according to plan. Once the patch has been tested in that environment, it will be available to on-premises clients.
Once that patch is ready, your IT company should install it immediately. It’s important to have the latest patches and updates installed in your system to avoid any potential breach or compromise of your data.
2. Make sure you have regular updates to all your software.
Kaseya VSA is designed to help standardize and automate the installation of vital patches and updates for your business. With cyberattacks on the rise throughout 2020 and 2021, it’s more essential than ever to ensure that you install those patches in a timely manner. Often, as with the Kaseya VSA update, those updates are designed to close potential security holes and help protect your business.
Not every company responds as quickly to a potential disaster as Kaseya. Within days, Kaseya had a patch ready and everything prepared to go back online again. Other companies, however, may take longer to get those updates out. Once they do, it’s essential that you have those patches in place so you can protect your business.
3. Check your data backups.
As a result of the Kaseya VSA attack, you may have realized the importance of your data backups all over again. One of the most important elements of containing the attack was shutting down servers that might have been impacted by the attack. Unfortunately, shutting down those servers could leave companies in a bind, especially if they don’t have adequate data backups.
If you have strong backup solutions, on the other hand, you can simply restore your servers and continue normal operations. While you cannot use servers running the potentially infected solution, you can use your backups to keep your business operational. That may mean better overall customer service and satisfaction as well as a higher degree of confidence in your business as you deal with the aftermath of the attack.
4. Know what third-party solutions you’re using and how they may impact your business in the event of a cyberattack.
Cyberattacks can happen to anyone at any time. Even reputable businesses and large companies cannot completely, 100% reduce the risk of a cyberattack. However, it’s important to know that your software solution providers, like Kaseya, will react quickly and decisively in the event of a cyberattack. You need to know that you will be informed of a problem immediately, that you can take fast action, and that you will have a solution in your hands as soon as possible.
Discuss your third-party integrations and software with your IT provider to get a better idea of exactly who you’re working with and how an attack on them has the potential to impact your business, then make sure you have data backups and a disaster recovery plan in place that will help keep your business operational.
The Kaseya attack is yet another in a long line of cyberattacks this year, including the Colonial Pipeline attack and the JBS meat plant attack. It has, therefore, become increasingly critical for you to protect your business–and having the right IT provider is essential. Do you need an IT provider who can help you design a disaster response plan, manage your data backups, and retain awareness of the tools you need to protect your business? Contact us today to learn more about our IT management solutions.