If you aren’t following the ransomware attack on Kaseya’s VSA product and approximately 800-1500 of its users, you should be. Like many cyberattacks, this one came on the verge of a holiday weekend. As the company itself notes, “Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to our teams’ fast response, we believe that this has been localized to a very small number of on-premises customers only. ”
The federal government has been spurred into action by the scale and severity of this attack (and the $70 million demand from the attackers):
Since Friday [July 2], the United States Government has been working across the interagency to assess the Kaseya ransomware incident and assist in the response. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have been working with Kaseya and coordinating to conduct outreach to impacted victims. Yesterday, President Biden directed the full resources of the government to investigate this incident. We extend our thanks to the cybersecurity professionals across the FBI, CISA, and the intelligence community for working around the clock to respond to this incident.
Kaseya’s own daily updates can be found here.
The White House “urge[s] anyone who believes their systems have been compromised in the Kaseya ransomware incident to immediately report to the Internet Crime Complaint Center at https://www.IC3.gov. The FBI and CISA will reach out to identified victims to provide assistance based upon an assessment of national risk. We also urge you to immediately follow the guidance from Kaseya including shutting down your VSA servers and implementing CISA’s and FBI’s mitigation techniques.”