Ask the Community
Groups
Important Notice August 4th, 2021 - Connect IT Community | Kaseya
<main> <article class="userContent"> <div> <div> <div> <div> <div> <div> <div> <div> <div> <div> <div> <div> <div> <div> <div> <div> <div> <div> <div> <div> <div> <div> <div> <div> <div> <p><strong>August 4, 2021 - 4:00 PM EDT</strong></p> <p><strong>VSA 9.5.7d Patch Update</strong></p> <p>Based on feedback, we have merged the functionality that was planned in the next two updates into the 9.5.7d VSA patch and adjusted the release date. This ensures that customers can get the maximum functionality, without having to perform two separate maintenance updates in close proximity. </p> <p>We have updated the list of upcoming functionality at: <a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4404758240145">https://helpdesk.kaseya.com/hc/en-gb/articles/4404758240145</a></p> <p><strong>VSA SaaS Update</strong></p> <p>We will deploy the VSA 9.5.7d patch to the following SaaS servers beginning on Friday August 6<sup>th</sup> at 6PM EDT - EU - SAAS08, EU - SAAS10, EU - SAAS22, EU - SAAS35, EU - SAAS37, EU - SAAS41, EU - SAAS42, EU - SAAS44, EU - SAAS45, EU - SAAS47, US - NA1VSA02, US - NA1VSA10, US - NA1VSA14, US – IAD2VSA08, US – IAD2VSA09</p> <p>All other VSA SaaS instances will be updated on Saturday August 7<sup>th</sup> at 7AM EDT.</p> <p><strong>VSA On-Premises Update</strong></p> <p>The 9.5.7d patch for VSA On-Premises customers will be available for download on Monday August 9<sup>th</sup> by end of day (US time). A notice will be sent out when the patch is available for download on August 9<sup>th</sup>.</p> <p><strong>July 29, 2021 - 9:00 AM EDT</strong></p> <p><strong>VSA Upcoming Patches and Features</strong></p> <p>Kaseya has released several VSA patches to remediate functionality issues caused by the enhanced security measures put in place. We have created an article intended to provide customers with insight into current known issues and fixes which are scheduled for upcoming patch releases in the coming days and weeks.</p> <p>Please review the details at: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4404758240145" rel="noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4404758240145</a> </p> <p><strong>July 28, 2021 - 3:00 PM EDT</strong></p> <p><strong>VSA On-Premises</strong></p> <p>Kaseya has released patch 9.5.7c (build 9.5.7.3045) which remediates functionality issues caused by the enhanced security measures put in place and also provides a security enhancement to the Edge Service to protect against HTTP spoofing. You can run KINSTALL as you normally do as part of your patching process and you will now see the new patch is available. It is recommended that VSA On-Premises customers update their VSA to 9.5.7c.</p> <p>The full release notes with the fixes and enhancements are available at:</p> <p><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4404472290705" rel="noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4404472290705</a></p> <p><strong>VSA SaaS </strong></p> <p>All VSA SaaS instances have been updated to 9.5.7c.</p> <p><strong>Updates</strong></p> <p>Additionally, later this evening we will be providing information on additional functionality that will be included in upcoming patches.</p> <p><strong>July 26, 2021 - 1:00 PM EDT</strong></p> <div> <p>Throughout this past weekend, Kaseya’s Incident Response team and Emsisoft partners continued their work assisting our customers and others with the restoration of their encrypted data. We continue to provide the decryptor to customers that request it, and we encourage all our customers whose data may have been encrypted during the attack to reach out to your contacts at Kaseya. The decryption tool has proven 100% effective at decrypting files that were fully encrypted in the attack.</p> <p>Kaseya has maintained our focus on assisting our customers, and when Kaseya obtained the decryptor last week we moved as quickly as possible to safely use the decryptor to help our customers recover their encrypted data. Recent reports have suggested that our continued silence on whether Kaseya paid the ransom may encourage additional ransomware attacks, but nothing could be further from our goal. While each company must make its own decision on whether to pay the ransom, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack and we have not wavered from that commitment. As such, we are confirming in no uncertain terms that Kaseya did not pay a ransom – either directly or indirectly through a third party – to obtain the decryptor.</p> </div> </div> <p><strong>July 23, 2021 - 2:30 PM EDT</strong></p> <p>Kaseya has released a Quick Fix (QFE) to patch 9.5.7b (9.5.7.3015) to VSA On-Premises customers which resolves three issues (this is not a security release). Unlike a full patch, the QFE is a simple script that you can run on your VSA On-Premises server. This patch resolves issues with Kaseya Antivirus & Antimalware, 3<sup>rd</sup> Party Integration Modules (TAP) and importing files via the VSA System Tab.</p> <p>Full Details are available at: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4404416168209" rel="noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4404416168209</a> </p> <p>All VSA SaaS Instances have been updated and are running this QFE.</p> <p><strong>July 22, 2021 - 3:30 PM EDT</strong></p> <p><strong>Kaseya has obtained a universal decryptor key.</strong></p> <p>On 7/21/2021, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we’re working to remediate customers impacted by the incident.</p> <p>We can confirm that Kaseya obtained the tool from a third party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor. Kaseya is working with <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.emsisoft.com%2F" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.emsisoft.com%2F" rel="noreferrer noopener nofollow">Emsisoft</a> </u>to support our customer engagement efforts, and Emsisoft has confirmed the key is effective at unlocking victims.</p> <p>We remain committed to ensuring the highest levels of safety for our customers and will continue to update here as more details become available.</p> <p>Customers who have been impacted by the ransomware will be contacted by Kaseya representatives.</p> </div> <p><strong>July 21, 2021 8:300PM US EDT</strong></p> <p><strong>VSA SaaS Update</strong></p> <p>We will be updating VSA SaaS instances to remediate functionality issues encountered by the enhanced security measures recently put in place, and to provide minor bug fixes (this is not a security release). There will be a brief interruption (2-10 minutes) as services are restarted.</p> <p>For the following VSA SaaS instances, the brief restart will occur on July 22 between 4:30 and 6:30 AM US EDT: EU - SAAS03, EU - SAAS06, EU - SAAS11, US - NA1VSA01, US - NA1VSA04, US - NA1VSA08, US - NA1VSA12, US - NA1VSA28, US - NA1VSA29, US - NA1VSA30, US - NA1VSA32, US - NA1VSA37, US - IAD2VSA02, US - IAD2VSA04, US - NA1VSA105, US - NA1VSA108, US - NA1VSA116.</p> <p>For all remaining VSA SaaS instances, the brief restart will occur between July 22 11PM and July 23 1AM US EDT.</p> <p><strong>July 20, 2021 2:00PM US EDT</strong></p> <p><strong>VSA 9.5.7.3015 Maintenance Patch Release Update</strong></p> <p>Kaseya is releasing patch 9.5.7.3015 which remediates functionality issues <u>caused by the enhanced security measures put in place</u> and provides bug fixes (this is not a security release). The full release notes with the fixes are available at: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4404146456209" rel="noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4404146456209</a>.</p> <p>The patch for VSA On-Premises is available now. There was an edge case with the installer in the update that was posted last night, but we have updated patch as of 9:30AM EDT July 20th and customers can run Kinstall and you will see the above referenced version available for installation.</p> <p>All VSA SaaS instances are updated and on the latest version.</p> <p><strong>July 19, 2021 3:15PM US EDT</strong></p> <p><strong>VSA 9.5.7.3011 Maintenance Patch Release Update</strong></p> <p>Kaseya is releasing patch 9.5.7.3011 which remediates functionality issues <u>caused by the enhanced security measures put in place</u> and provides bug fixes (this is not a security release). The full release notes with the fixes are available at: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4404146456209" rel="noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4404146456209</a>.</p> <p><strong>VSA SaaS Update</strong></p> <p>The first VSA SaaS deployment went live on Saturday July 17th US EDT for the following VSA SaaS instances: EU - SAAS03, EU - SAAS06, EU - SAAS11, EU - SAAS12, EU - SAAS16, EU - SAAS23, EU - SAAS24, EU - SAAS25, EU - SAAS28, EU - SAAS34, EU - SAAS39, EU - SAAS41 ,EU - SAAS43, US - NA1VSA01, US - NA1VSA04, US - NA1VSA08, US - NA1VSA12, US - NA1VSA14, US - NA1VSA22, US - NA1VSA28, US - NA1VSA29, US - NA1VSA30, US - NA1VSA32, US - NA1VSA37, NA1VSA105, US - NA1VSA108, US - NA1VSA115, US - IAD2VSA02, US - IAD2VSA04</p> <p>The remainder of the VSA SaaS instances will be updated tonight (July 19th) 8PM and 4AM US EDT.</p> <p><strong>VSA On-Premises Update:</strong></p> <p>The VSA On-Premises Patch will be released to customers and posted to the download site by 4:30PM US EDT today.</p> <p><strong>July 16, 2021 6:45PM US EDT</strong></p> <p><strong>VSA 9.5.7.3011 Maintenance Patch Release Update</strong></p> <p>Kaseya will be releasing patch 9.5.7.3011 which remediates functionality issues <u>caused by the enhanced security measures put in place</u> and provides bug fixes (this is <strong><u>not</u></strong> a security release). The full release notes with the fixes are available at: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4404146456209" rel="noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4404146456209</a>.</p> <p>The patch is planned to be available for VSA On-Premises customers by Monday July 19<sup>th</sup> end of day.</p> <p>The first VSA SaaS deployment is planned for Saturday July 17<sup>th</sup> between 7AM and 11AM US EDT for the following VSA SaaS instances: EU - SAAS03, EU - SAAS06, EU - SAAS11, EU - SAAS12, EU - SAAS16, EU - SAAS23, EU - SAAS24, EU - SAAS25, EU - SAAS28, EU - SAAS34, EU - SAAS39, EU - SAAS41 ,EU - SAAS43, US - NA1VSA01, US - NA1VSA04, US - NA1VSA08, US - NA1VSA12, US - NA1VSA14, US - NA1VSA22, US - NA1VSA28, US - NA1VSA29, US - NA1VSA30, US - NA1VSA32, US - NA1VSA37, NA1VSA105, US - NA1VSA108, US - NA1VSA115, US - IAD2VSA02, US - IAD2VSA04</p> <p>The remainder of the VSA SaaS instances are planned for deployment between 8PM and 4AM US EDT on Monday July 19<sup>th</sup>.</p> <p> </p> <p><strong>July 14, 2021 5PM US EDT</strong></p> <p><strong>VSA Install Patch Check</strong></p> <p>When running the Kinstall patch on your VSA, if you chose to reinstall VSA and either <strong>unchecked</strong> the default option to install the latest patch, or <strong>reran</strong> the Reinstall VSA process a 2<sup>nd</sup> time <strong>without</strong> the “install patch” option selected – it’s possible your patch was not re-applied.</p> <p>While these are rare edge cases, we recommend that you verify that the latest patch was installed properly. We have made a tool that enables you to ensure the patch is properly installed.</p> <p>Download the verification tool at: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fapp.box.com%2Fs%2F5kqsbdj9aajezsc63jzaadpka5esk1v8" rel="noopener nofollow">https://app.box.com/s/5kqsbdj9aajezsc63jzaadpka5esk1v8</a></p> <p> </p> <p><strong>July 13, 2021 8PM US EDT</strong></p> <p><strong>VSA Update:</strong></p> <p>Version 9.5.7a was released to both VSA SaaS and On-Premises on Sunday, July 11<sup>th</sup>. </p> <p>Please ensure you have reviewed the release notes at: <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403785889041" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403785889041" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403785889041</a></u> </p> <p>Additionally, we recommend reviewing the following documents:</p> <p>VSA On-Premises Integration IP Whitelist - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403869952657" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403869952657" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403869952657</a></u> </p> <p>On-Premises Startup Runbook (Updated July 11<sup>th</sup> – Updated Step 4) - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709150993incident-response" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709150993incident-response" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993incident-response</a></u> </p> <p>VSA On-Premise Hardening and Practice Guide - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403760102417" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403760102417" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403760102417</a></u> </p> <p>VSA SaaS Startup Runbook - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709476369" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709476369" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709476369</a></u> </p> VSA SaaS Hardening and Best Practice Guide - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403622421009-vsa-saas-best-practices" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403622421009-VSA-SaaS-Best-Practices" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403622421009-VSA-SaaS-Best-Practices</a></u> </div> <p><strong>July 12, 2021 3:30PM US EDT</strong></p> <p>The unplanned maintenance across the VSA SaaS infrastructure has been completed and all instances are now live. </p> <p>With a large number of users coming back online in a short window, we had seen some performance issues. We made configuration changes to address the issue and it is now resolved. We will continue to monitor the performance and make adjustments as required.</p> </div> <div></div> <div><strong>July 12, 2021 12:30PM US EDT</strong></div> <div>Unplanned maintenance will be performed across the entire SaaS farm today, between 12:00 PM to 2:00 PM EDT with an expected downtime of 20 minutes. With the large number of users coming back online in a short window, we have seen some performance issues. We made some configuration changes to address and need to restart the servers for these to take effect and improve performance.</div> <p><strong>July 12, 2021 8AM US EDT</strong></p> <p><strong>VSA Update:</strong></p> <p>As posted in the previous update we released the patch to VSA On-Premises customers and began deploying to our VSA SaaS Infrastructure prior to the 4:00 PM target. The restoration of services is now complete, with 100% of our SaaS customers live as of 3:30 AM US EDT. Our support teams continue to work with VSA On-Premises customers who have requested assistance with the patch.</p> <p>We will continue to post updates as new information becomes available.</p> </div> <p><strong>July 12, 2021 3AM US EDT</strong></p> <p>As posted in the previous update we released the patch to VSA On-Premises customers and began deploying to our VSA SaaS Infrastructure prior to the 4:00 PM target. The restoration of services is progressing, with 95% of our SaaS customers live and the remaining servers coming online for the rest of our customers in the coming hours. Our support teams are working with VSA On-Premises customers who have requested assistance with the patch.</p> <p>We will continue to post updates on the patch rollout progress and server status.</p> <p><strong>July 11, 2021 10PM US EDT</strong></p> <p><strong>VSA Update:</strong></p> <p>As posted in the previous update we released the patch to VSA On-Premises customers and began deploying to our VSA SaaS Infrastructure prior to the 4:00 PM target. The restoration of services is progressing according to plan, with 60% of our SaaS customers live and servers coming online for the rest of our customers in the coming hours. Our support teams are working with VSA On-Premises customers who have requested assistance with the patch.</p> <p>We will continue to post updates on the patch rollout progress and server status throughout the evening.</p> </div> <p><strong>July 11, 2021 4PM US EDT</strong></p> <p><strong>VSA Update:</strong></p> <p>VSA SaaS and On-Premises Release Notes have now been published and are available at: <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403785889041" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403785889041" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403785889041</a></u> </p> <p><strong>VSA SaaS:</strong></p> <p>The restoration of our VSA SaaS Infrastructure has begun. We will send email notifications as the individual instances come back online over the next several hours.</p> <p>Please review:</p> <p>VSA SaaS Startup Runbook - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709476369" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709476369" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709476369</a></u> </p> <p>VSA SaaS Hardening and Best Practice Guide - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403622421009-vsa-saas-best-practices" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403622421009-VSA-SaaS-Best-Practices" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403622421009-VSA-SaaS-Best-Practices</a></u> </p> <p><strong>VSA On-Premises</strong></p> <p>The VSA On-Premises patch is now available. You can run KINSTALL as you normally do as part of your patching process.</p> <p>Please review:</p> <p>On Premises Startup Runbook (Updated July 11<sup>th</sup> – Updated Step 4) - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709150993incident-response" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709150993incident-response" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993incident-response</a></u> </p> <p>VSA On-Premise Hardening and Practice Guide - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403760102417" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403760102417" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403760102417</a></u></p> </div> <p><strong>July 11, 2021 4PM US EDT</strong></p> <div>Next Status Update coming at 4:30 PM EDT</div> </div> <p><strong>July 11, 2021 1:30PM US EDT</strong></p> <p><strong>VSA Update:</strong></p> <p>We remain on track to release the VSA On-Premises Patch and begin bringing our VSA SaaS Infrastructure online on Sunday, July 11th at 4 PM EDT.</p> <p>*NEW* - We have updated our VSA On-Premises runbook <strong>STEP 4</strong> - Based on customer feedback, we have made changes to the IIS rewrite tool in order to give customers more control of their environments using their firewalls. Please review <strong>STEP 4</strong> in the document at the following link: <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709150993" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709150993" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993</a></u> </p> <p>*New* - We have updated our VSA On-Premises whitelist IP address list if you are using 3<sup>rd</sup> party applications that need access inbound to your VSA server at: <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403869952657" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403869952657" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403869952657</a></u> </p> <p>*New* Please watch today’s update video from our Executive Vice President, Mike Sanders, on our incident response and the steps you can take now to be ready for the release at: <u><a tabindex="-1" title="https://www.kaseya.com/potential-attack-on-kaseya-vsa/" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.kaseya.com%2Fpotential-attack-on-kaseya-vsa%2F" rel="noreferrer noopener nofollow">https://www.kaseya.com/potential-attack-on-kaseya-vsa/</a></u></p> <p><strong>Continued Updates</strong></p> <p>Please ensure you have reviewed the following documents:</p> <p><strong>VSA On-Premises:</strong></p> <p>On-Premises Startup Runbook (Updated July 11<sup>th</sup> – Updated Step 4) - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709150993incident-response" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709150993incident-response" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993incident-response</a></u> </p> <p>VSA On-Premise Hardening and Practice Guide - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403760102417" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403760102417" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403760102417</a></u> </p> <p><strong>VSA SaaS:</strong></p> <p>VSA SaaS Startup Runbook - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709476369" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709476369" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709476369</a></u> </p> <p>VSA SaaS Hardening and Best Practice Guide - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403622421009-vsa-saas-best-practices" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403622421009-VSA-SaaS-Best-Practices" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403622421009-VSA-SaaS-Best-Practices</a></u></p> </div> <p> <strong>July 11, 2021 10:30AM US EDT</strong></p> <p><strong>VSA Update:</strong></p> <p>We remain on track to release the VSA On-Premises Patch and begin bringing our VSA SaaS Infrastructure online on Sunday, July 11th at 4 PM EDT.</p> <p>*NEW* - We have updated our VSA On-Premises runbook <strong>STEP 4</strong> - Based on customer feedback, we have made changes to the IIS rewrite tool in order to give customers more control of their environments using their firewalls. Please review <strong>STEP 4</strong> in the document at the following link: <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709150993" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709150993" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993</a></u> </p> <p>*NEW* - We have updated our VSA On-Premises runbook to include a tool that you can use to clear any procedures that have accumulated prior to starting restarting your VSA. Please review <strong>STEP 6</strong> in the document at the following link: <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709150993" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709150993" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993</a></u> </p> <p><strong>Continued Updates</strong></p> <p>Please ensure you have reviewed the following documents:</p> <p><strong>VSA On-Premises:</strong></p> <p>On Premises Startup Runbook (Updated July 11t<sup>h</sup> – Updated Step 4) - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709150993incident-response" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709150993incident-response" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993incident-response</a></u> </p> <p>VSA On-Premise Hardening and Practice Guide - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403760102417" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403760102417" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403760102417</a></u> </p> <p><strong>VSA SaaS:</strong></p> <p>VSA SaaS Startup Runbook - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709476369" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709476369" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709476369</a></u> </p> <p>VSA SaaS Hardening and Best Practice Guide - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403622421009-vsa-saas-best-practices" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403622421009-VSA-SaaS-Best-Practices" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403622421009-VSA-SaaS-Best-Practices</a></u></p> </div> <p><strong>July 10, 2021 10PM US EDT</strong></p> <p><strong>VSA Update:</strong></p> <p>*<strong>NEW</strong>* - We have updated our VSA On-Premises runbook to include a tool that you can use to clear any procedures that have accumulated prior to starting restarting your VSA. Please review <strong>STEP 6</strong> in the document at the following link: <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709150993incident-response" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709150993incident-response" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993incident-response</a></u></p> <p>Please watch today’s update video from our Executive Vice President, Mike Sanders, on our incident response and the steps you can take now to be ready for the release at: <u><a tabindex="-1" title="https://www.kaseya.com/potential-attack-on-kaseya-vsa/" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.kaseya.com%2Fpotential-attack-on-kaseya-vsa%2F" rel="noreferrer noopener nofollow">https://www.kaseya.com/potential-attack-on-kaseya-vsa/</a></u> </p> <p>We remain on track to release the VSA On-Premises Patch and have our VSA SaaS Infrastructure up by Sunday, July 11th at 4 PM EDT.</p> </div> <p><strong>July 10, 2021 7PM US EDT</strong></p> <p><strong>VSA Update:</strong></p> <p>We remain on track to release the VSA On-Premises Patch and begin deployment to our VSA SaaS Infrastructure on Sunday, July 11th at 4 PM EDT.</p> <p>Please watch today’s update video from our Executive Vice President, Mike Sanders, on our incident response and the steps you can take now to be ready for the release at: <u><a tabindex="-1" title="https://www.kaseya.com/potential-attack-on-kaseya-vsa/" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.kaseya.com%2Fpotential-attack-on-kaseya-vsa%2F" rel="noreferrer noopener nofollow">https://www.kaseya.com/potential-attack-on-kaseya-vsa/</a></u> </p> <p>For our VSA On-Premises customers, we will be releasing a tool this evening that will clear any pending procedures and that will be included in the runbooks below – stay tuned.</p> <p><strong>Continued Updates</strong></p> <p>Please ensure you have reviewed the following documents:</p> <p><strong>VSA On-Premises:</strong></p> <p>On Premises Startup Runbook (Updated July 9<sup>th</sup> – Updated Step 7) - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709150993incident-response" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709150993incident-response" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993incident-response</a></u> </p> <p>VSA On-Premise Hardening and Practice Guide - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403760102417" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403760102417" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403760102417</a></u> </p> <p><strong>VSA SaaS:</strong></p> <p>VSA SaaS Startup Runbook - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709476369" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709476369" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709476369</a></u> </p> <p>VSA SaaS Hardening and Best Practice Guide - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403622421009-vsa-saas-best-practices" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403622421009-VSA-SaaS-Best-Practices" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403622421009-VSA-SaaS-Best-Practices</a></u></p> </div> <p><strong>July 10, 2021 2PM US EDT</strong></p> <p><strong>VSA Update:</strong></p> <p>We remain on track to release the VSA On-Premises Patch and begin deployment to our VSA SaaS Infrastructure on Sunday, July 11th at 4 PM EDT.</p> <p>Later this evening, we will provide the latest status update video from our Executive Vice President, Mike Sanders, on our incident response and the steps you can take now to be ready for the release.</p> <p>For our VSA On-Premises customers, we will be releasing a tool shortly that will clear any pending procedures and that will be included in the runbooks below – stay tuned.</p> <p><strong>Continued Updates</strong></p> <p>Please ensure you have reviewed the following documents:</p> <p><strong>VSA On-Premises:</strong></p> <p>On Premises Startup Runbook (Updated July 9<sup>th</sup> – Added Step 7) - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709150993incident-response" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709150993incident-response" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993incident-response</a></u> </p> <p>VSA On-Premise Hardening and Practice Guide - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403760102417" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403760102417" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403760102417</a></u> </p> <p><strong>VSA SaaS:</strong></p> <p>VSA SaaS Startup Runbook - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709476369" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709476369" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709476369</a></u> </p> <p>VSA SaaS Hardening and Best Practice Guide - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403622421009-vsa-saas-best-practices" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403622421009-VSA-SaaS-Best-Practices" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403622421009-VSA-SaaS-Best-Practices</a></u></p> </div> <p><strong>July 10, 2021 9:30PM AM US EDT</strong></p> <p><strong>VSA Update:</strong></p> <p>We remain on track to release the VSA On-Premises Patch and begin deployment to our VSA SaaS Infrastructure on Sunday, July 11th at 4 PM EDT.</p> <p>Please ensure you have reviewed the following documents:</p> <p><strong>VSA On-Premises:</strong></p> <p>On Premises Startup Runbook (Updated July 9<sup>th</sup> – Added Step 7) - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709150993" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709150993" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993</a></u> </p> <p>VSA On-Premise Hardening and Practice Guide - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403760102417" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403760102417" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403760102417</a></u> </p> <p><strong>VSA SaaS:</strong></p> <p>VSA SaaS Startup Runbook - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709476369" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709476369" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709476369</a></u></p> <p>VSA SaaS Hardening and Best Practice Guide - <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403622421009-vsa-saas-best-practices" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403622421009-VSA-SaaS-Best-Practices" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403622421009-VSA-SaaS-Best-Practices</a></u></p> </div> <p><strong>July 9, 2021 7:00PM PM EDT</strong></p> <p><strong>Reminder:</strong> Spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that may contain malicious links and/or attachments or phones claiming to be Kaseya Partners – <strong>DO NOT</strong> click on links or download attachments and <strong>DO NOT</strong> respond to phone calls claiming to be a Kaseya Partner. </p> <p><strong>Updates:</strong></p> <p>Sunday, July 11th at 4 PM EDT the VSA On-Premises Patch will be available and we will start the deployment to our VSA SaaS Infrastructure.</p> <p>Watch the new video update from our Executive Vice President, Mike Sanders, on the incident and our response at the following link: <u><a tabindex="-1" title="https://www.kaseya.com/potential-attack-on-kaseya-vsa/" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.kaseya.com%2Fpotential-attack-on-kaseya-vsa%2F" rel="noreferrer noopener nofollow">https://www.kaseya.com/potential-attack-on-kaseya-vsa/</a></u> </p> <p>We have updated our VSA On-Premise Hardening and Practice Guide (added Step #7) which can be viewed by visiting: released and can be reviewed by visiting: <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403760102417" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403760102417" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403760102417</a></u></p> </div> <p><strong>July 9, 2021 12:00PM EDT</strong></p> <p>As previously communicated, spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that may contain malicious links and/or attachments.</p> <p>Spammers may also be making phone calls claiming to be a Kaseya Partner reaching out to help. </p> <p>Kaseya <strong>IS NOT </strong>having any partners reach out – <strong>DO NOT</strong> respond to any phone calls claiming to be a Kaseya Partner.</p> <p><strong>DO NOT</strong> click on any links or download any attachments in emails claiming to be a Kaseya advisory.</p> </div> <p><strong>July 9, 2021 9AM EDT</strong></p> <p>As previously communicated, spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that may contain malicious links and/or attachments.</p> <p><strong>Do not click on any links or download any attachments</strong> <strong>in emails</strong> claiming to be a Kaseya advisory.</p> <p>Moving forward, all new Kaseya email updates<strong> will not contain any links or attachments</strong>.</p> <p><strong>VSA Incident Update:</strong></p> <p>Yesterday our CTO, Dan Timpson, released a video providing an update on our technical response. This video is available at: <u><a tabindex="-1" title="https://www.kaseya.com/potential-attack-on-kaseya-vsa/" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.kaseya.com%2Fpotential-attack-on-kaseya-vsa%2F" rel="noreferrer noopener nofollow">https://www.kaseya.com/potential-attack-on-kaseya-vsa/</a></u> </p> <p><strong>*New</strong> – VSA On-Premise Hardening and Practice Guide was released and can be reviewed at: <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403760102417" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403760102417" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403760102417</a></u> </p> <p>Reminders:</p> <p>If you have not reviewed the runbooks for the upcoming release, links to them are below:</p> <p>VSA On-Premise Runbook: <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709150993" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709150993" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993</a></u> </p> <p>VSA SaaS Runbook: <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709476369" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709476369" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709476369</a></u></p> </div> <p><strong>July 8, 2021 9:00 PM EDT</strong></p> <p>Kaseya Fake Email Warning</p> <p>Spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that may contain malicious links and/or attachments.</p> <p><strong>Do not click on any links or download any attachments</strong> claiming to be a Kaseya advisory.</p> <p>Moving forward, Kaseya email updates <strong>will not contain any links or attachments</strong>.</p> </div> <p><strong>July 8, 2021 5:00 PM EDT</strong></p> <p><strong>Incident Update</strong></p> <p>Please watch the new video post from our Chief Technology Officer, Dan Timpson, providing an update on the technical response and upcoming patch at this link: <u><a tabindex="-1" title="https://www.kaseya.com/potential-attack-on-kaseya-vsa/" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.kaseya.com%2Fpotential-attack-on-kaseya-vsa%2F" rel="noreferrer noopener nofollow">https://www.kaseya.com/potential-attack-on-kaseya-vsa/</a></u> </p> <p><strong>Continued Updates</strong></p> <p>Sunday, July 11th at 4 PM EDT the VSA On-Premises Patch will be available and we will start the deployment to our VSA SaaS Infrastructure.</p> <p>If you have not reviewed the runbooks for the upcoming release, links to them are below:</p> <p>VSA On-Premise Runbook: <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709150993" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709150993" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993</a></u> </p> <p>VSA SaaS Runbook: <u><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709476369" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709476369" rel="noreferrer noopener nofollow">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709476369</a></u> </p> <p>Our next update with be July 9<sup>th</sup> at 9 AM EDT.</p> </div> <p><strong>July 8, 2021 1:30 PM EDT</strong></p> <p>Earlier today we released a video post from our CEO updating the patch rollout timeline as follows:</p> <p>Sunday, July 11<sup>th</sup> at 4 PM EDT the On-Premises Patch will be available and we will start the deployment to our VSA SaaS Infrastructure.</p> <p>Please watch the video post from our CEO for further details at: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.kaseya.com%2Fpotential-attack-on-kaseya-vsa%2F">https://www.kaseya.com/potential-attack-on-kaseya-vsa/</a> </p> <p>We will be providing a video update from our CTO later this evening which will be emailed to VSA customers providing further technical clarity. We will continue to provide both text and daily video updates from executives as we move forward toward a release this Sunday.</p> <p>We have also updated our runbooks for customers to prepare for the rollout and restoration of service. If you have not reviewed the runbook, please ensure you review the links below (please note we will send notifications in future email updates if runbooks are updated with additional information):</p> <p>For our <strong>VSA On-Premises</strong> customers, we have now have published a runbook of the changes to make to your on-premises environment so customers can prepare for the patch release. Here is the link to the runbook (<a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709150993%29">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993)</a>. </p> <p>For our <strong>VSA SaaS</strong> customers, we have published a runbook to help you prepare for the steps you can take after the SaaS environment returns to service at: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403709476369">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709476369</a></p> </div> <p><strong>July 8, 2021 2:45 AM EDT</strong></p> <p>Please watch the video post from our CEO providing an update on the patch rollout timeline and information about our response at this link: <a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.kaseya.com%2Fpotential-attack-on-kaseya-vsa%2F">https://www.kaseya.com/potential-attack-on-kaseya-vsa/</a> </p> <p>For our VSA On-Premises customers, we have now have published a runbook of the changes to make to your on-premises environment so customers can prepare for the patch release. Here is the link to the runbook<strong> (<a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709150993%29%2F">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993). </a></strong></p> <p>For our VSA SaaS customers, we have published a runbook to help you prepare for the steps you can take after the SaaS environment returns to service at: <a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709476369">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709476369</a> </p> <p><strong>July 7, 2021 9:45 PM EDT</strong></p> <p>For our VSA On-Premises customers, we have now have published a runbook of the changes to make to your on-premises environment so customers can prepare for the patch release. Here is the link to the runbook<strong> (<a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403709150993%29%2F">https://helpdesk.kaseya.com/hc/en-gb/articles/4403709150993). </a></strong></p> <p>We are in the process of resetting the timelines for VSA SaaS and VSA On-Premises deployment. We apologize for the delay and changes to the plans as we work through this fluid situation.</p> <p>We will be providing a video update from our CEO later this evening which will be emailed to VSA customers providing further clarity.</p> <p><strong>July 7, 2021 7:00 PM EDT </strong></p> <p><em>VSA Update</em></p> <p>We are in the process of resetting the timelines for VSA SaaS and VSA On-Premises deployment. We apologize for the delay and changes to the plans as we work through this fluid situation.</p> <p>We will be providing a video update from our CEO later this evening which will be emailed to VSA customers providing further clarity.</p> <p>For our VSA On-Premises customers, we will be publishing a runbook of the changes to make to your on-premises environment on this site later this evening customers can prepare for the patch release.</p> </div> <p><strong><span data-contrast="auto">July 7, 2021 3:00PM (On Premise VSA Customers)</span></strong></p> <p><span data-contrast="auto">The detailed runbook to prepare an On-Premise VSA implementation is being finalized. This runbook is being emailed to you, and it will be posted on our support website. </span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">The runbook consists of the following: </span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <ul><li data-leveltext="-" data-font="Calibri" data-listid="1" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="auto">Steps to Isolate the VSA server from the network and the internet</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559739":160,"335559740":259}"> </span> </li> <li data-leveltext="-" data-font="Calibri" data-listid="1" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="auto">How to Run the Detection Tool </span><span data-ccp-props="{"134233279":true,"201341983":0,"335559739":160,"335559740":259}"> </span> <ul><li data-leveltext="-" data-font="Calibri" data-listid="1" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="auto">The link to the detection tool is below as part of previous updates</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559739":160,"335559740":259}"> </span> </li> </ul></li> <li data-leveltext="-" data-font="Calibri" data-listid="1" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="auto">Steps to patch your operating system to ensure it is up to date</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559739":160,"335559740":259}"> </span> </li> <li data-leveltext="-" data-font="Calibri" data-listid="1" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="auto">A detailed review of the required changes to IIS </span><span data-ccp-props="{"134233279":true,"201341983":0,"335559739":160,"335559740":259}"> </span> </li> <li data-leveltext="-" data-font="Calibri" data-listid="1" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="auto">How to download the FireEye agent on the VSA Server</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559739":160,"335559740":259}"> </span> </li> <li data-leveltext="-" data-font="Calibri" data-listid="1" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="auto">How to implement the FireEye agent on the VSA Server</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559739":160,"335559740":259}"> </span> </li> <li data-leveltext="-" data-font="Calibri" data-listid="1" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="auto">Final review of the checklist before the installation of the new VSA release</span><span data-ccp-props="{"134233279":true,"201341983":0,"335559739":160,"335559740":259}"> </span> </li> </ul><p><span data-contrast="auto">The next update for On-Premise VSA Customers is scheduled for 6 pm tonight. This update will include the timing of the new VSA release for On-Premise VSA Customers.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><strong>July 7, 2021 12:00PM </strong></p> <p><em>VSA On-Premises Update</em></p> <ul><li>For on-premises customers, we will be publishing a runbook of the changes to make to your on-premises environment by 3 PM US EDT today so customers can prepare for the patch release.</li> <li>We will update the planned availability of the VSA On-Premises patch by 5 PM US EDT today.</li> </ul><p><em>VSA SaaS Update</em></p> <ul><li>During the VSA SaaS deployment, an issue was discovered that has blocked the release. We are resolving the issue that is related to our SaaS infrastructure and we plan on beginning to restoring SaaS services no later than the evening of Thursday, July 8<sup>th</sup> US time.</li> </ul></div> <p><strong>July 7, 2021 8AM EDT</strong></p> <p>As communicated in our last update, unfortunately, during the deployment of the VSA update an issue was discovered that has blocked the release. We have not yet been able to resolve the issue. The R&D and operations teams worked through the night and will continue to work until we have unblocked the release. We will provide a status update at 12:00PM US EDT.</p> </div> <p><strong>July 6, 2021 10:00PM </strong></p> <p>During the VSA SaaS deployment, an issue was discovered that has blocked the release. Unfortunately, the VSA SaaS rollout will not be completed in the previously communicated timeline. We apologize for the delay and R&D and operations are continuing to work around the clock to resolve this issue and restore service. We will be providing a status update at 8 AM US EDT.</p> </div> <p><strong>July 6, 2021 9:PM EDT</strong></p> <p>Deployment has started across the VSA SaaS infrastructure. Individual SaaS servers will come online throughout the night US time. All systems will be online and accessible by July 7<sup>th</sup> 6AM US EDT. </p> <p>We will update this page hourly as VSA SaaS instances come online.</p> </div> <p><strong><span data-contrast="auto">July 6, 2021 7:30 PM EDT</span></strong><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":259}"> </span></p> <p><em><span data-contrast="auto">NOTE: </span></em> <br><em><span data-contrast="auto">THE KASEYA WEBPAGE WILL BE THE DEFINITIVE AND MOST UP-TO-DATE SOURCE FOR INFORMATION FROM THIS POINT ON DUE TO THE DYNAMIC NATURE OF THE ROLLOUT STATUS. PLEASE CHECK </span></em><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403440684689"><em><span data-contrast="none"><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403440684689">https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689</a></span></em></a><em><span data-contrast="auto"> often to get the latest update. NOT ALL UPDATES WILL HAVE AN ASSOCIATED EMAIL.</span></em><span data-ccp-props="{"201341983":0,"335551550":2,"335551620":2,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="none">Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to </span><span data-contrast="none">our teams’ fast response, we believe that this has been localized to a very small number of on-</span><span data-contrast="none">premises customers only. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <p><em><span data-contrast="none">Our security, support, R&D, communications, and customer teams continue to work around the clock in all geographies to resolve the issue and restore our customers to service.</span></em><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <p><span data-contrast="none">This update provides further detail on </span><span data-contrast="none">July 6, 2021, 5:00</span><span data-contrast="none"> </span><span data-contrast="none">PM</span><span data-contrast="none"> EDT and earlier updates. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none">The technical work for SaaS Deployment</span><span data-contrast="none"> </span><span data-contrast="none">has started at 4:00 PM EDT and will continue for the next several hours pending no issues</span><span data-contrast="none">. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"> <span data-contrast="none">We are configuring an additional layer of security to our SaaS infrastructure which will change the underlying IP address of our VSA servers (the domain names/URL will not change) For almost all customers, this change will be transparent. However if, and only if, you have whitelisted your Kaseya VSA server in your firewall(s), you will need to update the IP whitelist. The new IP addresses can be found at: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.cloudflare.com%2Fips%2F">https://www.cloudflare.com/ips/</a></span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"> <span data-contrast="none">No SaaS VSA services are online as of 7:30 PM. The enhanced security measures are currently being implemented and verified for proper operation</span><span data-contrast="none">. </span><span data-contrast="none">Once operational, we will then publish the VSA availability timeline.</span><span data-contrast="none"> </span><span data-contrast="none"> We will be updating the web page hourly at</span><span data-contrast="none"> </span><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403440684689"><em><span data-contrast="none"><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403440684689">https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689</a></span></em></a><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1"> <span data-contrast="none">Our On-Premises patch timeline is 24 hours (or less) from the restoration of SaaS services. We are focused on shrinking this time frame to the minimal possible – but if there are any issues found during the spin-up of SaaS, we want to fix them before bringing our on-premises customers up.</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul><p><strong>Continued Advisory</strong> </p> <ul><li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none">All on-premises VSA Servers should continue to remain offline until further instructions from Kaseya about when it is safe to restore operations. A patch will be required to be installed prior to restarting the VSA and a set of recommendations on how to increase your security posture.</span><span data-ccp-props="{"134233117":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"> <strong><span data-contrast="none">We have been advised by our outside experts, that customers who experienced ransomware and receive communication from the attackers should not click on any links -- they may be weaponized.</span></strong><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul><p><strong>July 6, 2021 5:00 PM EDT</strong></p> <p>Good progress being made. The next update will be posted by 6:00 PM.</p> <p><strong><span data-contrast="auto">July 6, 2021 12:00 PM EDT</span></strong><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":259}"> </span></p> <p><em><span data-contrast="auto">Next Update is planned to be published July 6</span></em><em><span data-contrast="auto">th</span></em><em><span data-contrast="auto"> between 2:00 PM and 5:00 PM EDT. Checking this </span></em><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403440684689"><em><span data-contrast="none">link</span></em></a><em><span data-contrast="auto"> (<a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403440684689%29">https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689)</a> is the fastest way to ensure that you have the latest information from Kaseya.</span></em><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="none">Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to </span><span data-contrast="none">our teams’ fast response, we believe that this has been localized to a very small number of on-</span><span data-contrast="none">premises customers only. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <p><em><span data-contrast="none">Our security, support, R&D, communications, and customer teams continue to work around the clock in all geographies to resolve the issue and restore our customers to service.</span></em><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <p><span data-contrast="none">This update provides further detail on the </span><span data-contrast="none">July 5, 2021 9:</span><span data-contrast="none">30 </span><span data-contrast="none">PM</span><span data-contrast="none"> EDT and earlier updates. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <strong><span data-contrast="none">Our Timeline for bringing SaaS servers on-line has shifted out by two hours – it is now July 6</span></strong><strong><span data-contrast="none">th</span></strong><strong><span data-contrast="none"> between 4:00 PM EDT and 7:00 PM EDT due to configuration change and enhanced security measures being put in place. </span></strong><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"> <strong><span data-contrast="none">Our On-Premises patch timeline is 24 hours (or less) from the restoration of SaaS services. We are focused on shrinking this time frame to the minimal possible – but if there are any issues found during the spin-up of SaaS, we want to fix them before bringing our on-premises customers up.</span></strong><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"> <strong><span data-contrast="none">The enhanced security measures that will be brought online are:</span></strong><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul><ul><li> <ul><li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="2"> <span data-contrast="auto">24/7 Independent SOC for every VSA with the ability to quarantine and isolate files and entire VSA servers</span><span data-contrast="auto">.</span><span data-ccp-props="{"201341983":0,"335559739":0,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="2"> <span data-contrast="auto">A complementary CDN with WAF for every VSA (Including on premise that opt-in and wish to use it – details will be available in a KB later this afternoon</span><span data-contrast="auto">). </span><span data-ccp-props="{"201341983":0,"335559739":0,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="2"> <span data-contrast="auto">Customers who whitelist IPs will be required to need to whitelist additional IPs.</span><span data-ccp-props="{"201341983":0,"335559739":0,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="4" data-aria-level="2"> <span data-contrast="auto">A new KB article on the SOC, CDN, and Whitelisting details will be published later this afternoon and linked to this KB on the Kaseya website.</span><span data-ccp-props="{"201341983":0,"335559739":0,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="5" data-aria-level="2"> <span data-contrast="auto">Greatly reduces the attack surface of Kaseya VSA overall</span><span data-contrast="auto">. </span> <span data-ccp-props="{"201341983":0,"335559739":0,"335559740":240}"> </span> </li> </ul></li> </ul><ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1"> <strong><span data-contrast="none">Later today we will release a customer-ready statement for you to use to communicate to your customers on the incident and the security measures that we have put in place.</span></strong><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="5" data-aria-level="1"> <span data-contrast="none">A Compromise Detection Tool can be downloaded at the following link: </span><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.app.box.com%2Fs%2Fp9b712dcwfsnhuq2jmx31ibsuef6xict"><span data-contrast="none">VSA Detection Tool | Powered by Box</span></a><span data-contrast="auto"> . This continues to be enhanced, so please refer to the download site for the latest version.</span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="6" data-aria-level="1"> <span data-contrast="none">Incident Update – more details can be found here: </span><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403584098961"><span data-contrast="none">Incident Overview & Technical Details – Kaseya</span></a><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul><ul><li> <ul><li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="2"> <span data-contrast="auto">To date, we are aware of fewer than 60 Kaseya customers, all of whom were using the VSA on-premises product, who were directly compromised by this attack. While many of these customers provide IT services to multiple other companies, we understand the total impact thus far has been to fewer than 1,500 downstream businesses. </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="2"> <span data-contrast="auto">We have not found evidence that any of our SaaS customers were compromised.</span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="2"> <span data-contrast="auto">VSA is the only Kaseya product affected by the attack and all other IT Complete modules are not impacted.</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul></li> </ul><p><strong>Continued Advisory</strong> </p> <ul><li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none">All on-premises VSA Servers should continue to remain offline until further instructions from Kaseya about when it is safe to restore operations. A patch will be required to be installed prior to restarting the VSA and a set of recommendations on how to increase your security posture.</span><span data-ccp-props="{"134233117":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul><ul><li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <strong><span data-contrast="none">We have been advised by our outside experts, that customers who experienced ransomware and receive communication from the attackers should not click on any links -- they may be weaponized.</span></strong><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul><p><strong><span data-contrast="auto">July 5, 2021 9:30 PM EDT</span></strong><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":259}"> </span></p> <p><em><span data-contrast="auto">Next Update is planned to be published July 6</span></em><em><span data-contrast="auto">th</span></em><em><span data-contrast="auto"> between 8:00 AM and 12:00 PM EDT. Checking this </span></em><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403440684689"><em><span data-contrast="none">link</span></em></a><em><span data-contrast="auto"> is the fastest way to ensure that you have the latest information from Kaseya.</span></em><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="none">Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to </span><span data-contrast="none">our teams’ fast response, we believe that this has been localized to a very small number of on-</span><span data-contrast="none">premises customers only. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <p><em><span data-contrast="none">Our security, support, R&D, communications, and customer teams continue to work around the clock in all geographies to resolve the issue and restore our customers to service.</span></em><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <p><span data-contrast="none">This update provides further detail on the </span><span data-contrast="none">July 5, 2021 1:</span><span data-contrast="none">00 </span><span data-contrast="none">PM</span><span data-contrast="none"> EDT and earlier updates. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none">Incident Update</span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul><ul><li> <ul><li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="2"> <span data-contrast="auto">In an effort to be transparent with our customers, Kaseya is sharing the information concerning the recent ransomware attack in an Incident Overview & Technical Details document which is available at this </span><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403584098961"><span data-contrast="none">link</span></a><span data-contrast="auto"> </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="2"> <span data-contrast="auto">To date, we are aware of fewer than 60 Kaseya customers, all of whom were using the VSA on-premises product, who were directly compromised by this attack. While many of these customers provide IT services to multiple other companies, we understand the total impact thus far has been to fewer than 1,500 downstream businesses. We have not found evidence that any of our SaaS customers were compromised.</span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="2"> <span data-contrast="none">We have had no new reports filed of compromises for VSA customers since Saturday July 3</span><span data-contrast="none">rd</span><span data-contrast="none">.</span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="4" data-aria-level="2"> <span data-contrast="auto">VSA is the only Kaseya product affected by the attack and all other IT Complete modules are not impacted.</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="4" data-aria-level="2"> <span data-contrast="auto">An article by Reuters covers the incident - </span><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.reuters.com%2Ftechnology%2Fhackers-demand-70-million-liberate-data-held-by-companies-hit-mass-cyberattack-2021-07-05%2F"><span data-contrast="none">link</span></a><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul></li> </ul><ul><li> </li> </ul><ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none">Our executive committee met this afternoon at 6:30 PM EDT to reset the timeline and process for bringing our SaaS and on-premises customers back online.</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul><ul><li> <ul><li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="2"> <span data-contrast="none">The Patch for on-premises customers has been developed and is currently going through the testing and validation process. We expect the patch to be available within 24 hours after our SaaS servers have been brought up. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="2"> <span data-contrast="none">The current estimate for bringing our SaaS servers back online is July 6</span><span data-contrast="none">th</span><span data-contrast="none"> between 2:00 PM – 5:00 PM EDT. A final go/no-go decision will be made tomorrow morning between 8:00 AM EDT – 12:00 AM EDT. These times may change as we go through the final testing and validation processes.</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul></li> </ul><ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"> <span data-contrast="auto">We will be releasing VSA with staged functionality to bring services back online sooner. The first release will prevent access to functionality used by a very small fraction of our user base, including: </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul><ul><li> <ul><li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="2"> <span data-contrast="auto">Classic Ticketing</span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="2"> <span data-contrast="auto">Classic Remote Control (not LiveConnect).</span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="2"> <span data-contrast="auto">User Portal</span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul></li> </ul><ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="auto">Kaseya met with the FBI/CISA tonight to discuss systems and network hardening requirements prior to service restoration for both SaaS and on-premises customers. A set of requirements will be posted prior to service restart to give our customers time to put these counter measures in place in anticipation of a return to service on July 6</span><span data-contrast="auto">th</span><span data-contrast="auto">.</span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"> <span data-contrast="none">A new version of the Compromise Detection Tool can be downloaded at the following link: </span><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.box.com%2Fs%2Fp9b712dcwfsnhuq2jmx31ibsuef6xict" rel="undefined nofollow">VSA Detection Tools.zip | Powered by Box</a><span data-contrast="auto"> </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul><ul><li> <ul><li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="2"> <span data-contrast="auto">This tool analyzes a system (either VSA server or managed endpoint) and determines whether any indicators of compromise (IoC) are present.</span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="2"> <span data-contrast="auto">The latest version searches for the indicators of compromise, data encryption, and the REvil ransom note. We recommend that you re-run this procedure to better determine if the system was compromised by REvil. </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="2"> <span data-contrast="auto">Over 2,000 customers have downloaded this tool since Friday.</span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul></li> </ul><p><strong>Continued Advisory</strong> </p> <ul><li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none">All on-premises VSA Servers should continue to remain offline until further instructions from Kaseya about when it is safe to restore operations. A patch will be required to be installed prior to restarting the VSA and a set of recommendations on how to increase your security posture.</span><span data-ccp-props="{"134233117":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul><ul><li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <strong><span data-contrast="none">We have been advised by our outside experts, that customers who experienced ransomware and receive communication from the attackers should not click on any links -- they may be weaponized.</span></strong><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul><p><strong>July 5, 2021 1:00 PM EDT</strong> [Updated at 8:30 PM EDT]</p> <div> <em>Next Update is planned to be published July 5th between <span style="text-decoration: line-through;">7:00 PM and 8:00 PM</span> 8:30 PM – 9:30 PM EDT. Checking this </em><a tabindex="-1" title="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelpdesk.kaseya.com%2Fhc%2Fen-gb%2Farticles%2F4403440684689" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403440684689" rel="noreferrer noopener nofollow"><em>link</em></a><em> is the fastest way to ensure that you have the latest information from Kaseya.</em> </div> <p><strong>July 5, 2021 1:00 PM EDT</strong> [Updated at 6:30 PM EDT]</p> <p><em>Next Update is planned to be published July 5th between <span style="text-decoration: line-through;">5:00 PM and 7:00 PM</span> 7:00 PM – 8:00 </em>8:30 - 9:30 <em>PM EDT. Checking this </em><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403440684689" rel="noopener noreferrer nofollow" data-auth="NotApplicable" data-linkindex="0"><em>link</em></a><em> is the fastest way to ensure that you have the latest information from Kaseya.</em> </p> <p><strong><span data-contrast="auto">July</span></strong><strong><span data-contrast="auto"> </span></strong><strong><span data-contrast="auto">5, 2021 1:00</span></strong><strong><span data-contrast="auto"> </span></strong><strong><span data-contrast="auto">PM EDT</span></strong><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":259}"> </span></p> <p><em><span data-contrast="auto">Next Update is planned to be published July 5</span></em><em><span data-contrast="auto">th</span></em><em><span data-contrast="auto"> </span></em><em><span data-contrast="auto">between 5:00 PM and 7:00 PM EDT. Checking this </span></em><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403440684689"><em><span data-contrast="none">link</span></em></a><em><span data-contrast="auto"> is the fastest way to ensure that you have the latest information from Kaseya.</span></em><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="none">Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to </span><span data-contrast="none">our teams’ fast response, we believe that this has been localized to a very small number of on-</span><span data-contrast="none">premises customers only. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <p><em><span data-contrast="none">Our security, support</span></em><em><span data-contrast="none">, </span></em><em><span data-contrast="none">R&D, communications, and customer teams continue to work around the clock</span></em><em><span data-contrast="none"> </span></em><em><span data-contrast="none">in all geographies</span></em><em><span data-contrast="none"> </span></em><em><span data-contrast="none">to resolve the issue and restore our customers to service.</span></em><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <p><span data-contrast="none">This update provides further detail on the </span><span data-contrast="none">July 4, 2021 11:</span><span data-contrast="none">00 </span><span data-contrast="none">PM</span><span data-contrast="none"> EDT</span><span data-contrast="none"> </span><span data-contrast="none">and earlier updates</span><span data-contrast="none">. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none">We will be providing a separate update with more technical details of the incident to aid our customers and security researchers during the afternoon of July 5</span><span data-contrast="none">th</span><span data-contrast="none">.</span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul><ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none">SaaS Restoration Timeline Updates</span><span data-contrast="none"> - </span><span data-contrast="none">UPDATE</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul><ul><li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="2"> <span data-contrast="none">Our executive committee met this morning at 8:00 AM EDT</span><span data-contrast="none">, </span><span data-contrast="none">and</span><span data-contrast="none"> </span><span data-contrast="none">to best minimize customer risk</span><span data-contrast="none">,</span><span data-contrast="none"> felt that more time was needed before we brought the data centers back online</span><span data-contrast="none">.</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="2"> <span data-contrast="none">They elected to meet again later this afternoon at 3:00 PM EDT to reset the schedule for starting the restoration process to bring our datacenters online</span><span data-contrast="none">. </span><span data-contrast="none">We will provide an updated timeline at approximately 5:00 PM – 7:00 PM EDT today (July 5</span><span data-contrast="none">th</span><span data-contrast="none">).</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="2"> <span data-contrast="none">We are in the midst of deploying an enhanced security monitoring infrastructure and are testing the revised incident response processes and performance management controls to ensure acceptable operations for our customers. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="4" data-aria-level="2"> <span data-contrast="none">The next update will be</span><span data-contrast="none"> </span><span data-contrast="none">later</span><span data-contrast="none"> </span><span data-contrast="none">this evening (EDT</span><span data-contrast="none">) </span><span data-contrast="none">after the executive committee reconvenes</span><span data-contrast="none">.</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul><ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"> <span data-contrast="none">On-Premises Patch Timeline Updates – NEW</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul><ul><li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="5" data-aria-level="2"> <span data-contrast="none">We are developing the new patch for on-premises clients in parallel with the SaaS Data Center restoration. We are deploying in SaaS first as we control every aspect of that environment. Once that has begun, we will publish the schedule for distributing the patch for on-premises customers.</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul><ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"> <span data-contrast="none">The Compromise Detection Tool can be download at the following link: </span><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.app.box.com%2Fs%2F0ysvgss7w48nxh8k1xt7fqhbcjxhas40"><span data-contrast="none">VSA Detection Tools.zip | Powered by Box</span></a><span data-contrast="auto"> This tool analyzes a system (either VSA server or managed endpoint) and determines whether any indicators of compromise (IoC) are present.</span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul><p><strong>Continued Advisory</strong> </p> <ul><li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1"> <span data-contrast="none">All on-premises VSA Servers should continue to remain offline until further instructions from Kaseya about when it is safe to restore operations. A patch will be required to be installed prior to restarting the VSA and a set of recommendations on how to increase your security posture</span><span data-contrast="none">.</span><span data-ccp-props="{"134233117":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="5" data-aria-level="1"> <strong><span data-contrast="none">We have been advised by our outside experts, that customers who experienced ransomware and receive communication from the attackers should not click on any links -- they may be weaponized.</span></strong><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul><p><strong>July 5, 2021 - 11:00 AM EDT</strong></p> <div> <p>A revision to this update is coming later today. Please check back at approximately 1:00 PM EDT.</p> </div> <p><strong><span data-contrast="auto">July 4, 2021 11:00</span></strong><strong><span data-contrast="auto"> </span></strong><strong><span data-contrast="auto">PM EDT</span></strong><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":259}"> </span></p> <p><em><span data-contrast="auto">Next Update is planned to</span></em><em><span data-contrast="auto"> </span></em><em><span data-contrast="auto">be published July 5</span></em><em><span data-contrast="auto">th</span></em><em><span data-contrast="auto"> in the</span></em><em><span data-contrast="auto"> </span></em><em><span data-contrast="auto">morning EDT. Checking this link is the fastest way to ensure that you have the latest information from Kaseya.</span></em><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="none">Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to </span><span data-contrast="none">our teams’ fast response, we believe that this has been localized to a very small number of on-</span><span data-contrast="none">premises customers only. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <p><em><span data-contrast="none">Our security, support</span></em><em><span data-contrast="none">, </span></em><em><span data-contrast="none">R&D, communications, and customer teams continue to work around the clock</span></em><em><span data-contrast="none"> </span></em><em><span data-contrast="none">in all geographies</span></em><em><span data-contrast="none"> </span></em><em><span data-contrast="none">to resolve the issue and restore our customers to service.</span></em><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <p><span data-contrast="none">This update provides further detail on the July 4, 2021 5:45 PM EDT</span><span data-contrast="none"> </span><span data-contrast="none">and earlier updates</span><span data-contrast="none">. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none">SaaS Restoration Timeline Updates</span><span data-contrast="none"> - </span><span data-contrast="none">UPDATE</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul><ul><li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="2"> <span data-contrast="none">Our executive committee met at 10:00 PM EDT and</span><span data-contrast="none"> </span><span data-contrast="none">to best minimize customer risk</span><span data-contrast="none">,</span><span data-contrast="none"> felt that more time was needed before we brought the data centers back online</span><span data-contrast="none">.</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="2"> <span data-contrast="none">They elected to meet again tomorrow morning at 8:00 AM EDT to reset the schedule with a goal of starting the restoration process to bring our</span><span data-contrast="none"> </span><span data-contrast="none">datacenters online by end of day on July 5</span><span data-contrast="none">th</span><span data-contrast="none"> local time (UTC) - but that timeframe is dependent on achieving some key objectives overnight</span><span data-contrast="none">.</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="2"> <span data-contrast="none">The next update will be tomorrow morning EDT after the executive committee reconvenes</span><span data-contrast="none">.</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul><ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none">On-Premises Patch Timeline Updates – NEW</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul><ul><li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="2"> <span data-contrast="none">Once we have begun the SaaS Data Center restoration process (see SaaS Restoration Timeline Updates above), we will publish the schedule for distributing the patch for on-premises customers.</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul><p><strong>Continued Advisory</strong> </p> <ul><li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"> <span data-contrast="none">All on-premises VSA Servers should continue to remain offline until further instructions from Kaseya about when it is safe to restore operations. A patch will be required to be installed prior to restarting the VSA and a set of recommendations on how to increase your security posture</span><span data-contrast="none">.</span><span data-ccp-props="{"134233117":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"> <strong><span data-contrast="none">We have been advised by our outside experts, that customers who experienced ransomware and receive communication from the attackers should not click on any links -- they may be weaponized.</span></strong><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1"> <span data-contrast="none">The new Compromise Detection Tool can be download at the following link: </span><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.app.box.com%2Fs%2F0ysvgss7w48nxh8k1xt7fqhbcjxhas40"><span data-contrast="none">VSA Detection Tools.zip | Powered by Box</span></a><span data-contrast="auto"> This tool analyzes a system (either VSA server or managed endpoint) and determines whether any indicators of compromise (IoC) are present.</span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul><p><strong><span data-contrast="auto">July 4</span></strong><strong><span data-contrast="auto">, </span></strong><strong><span data-contrast="auto">2021</span></strong><strong><span data-contrast="auto"> </span></strong><strong><span data-contrast="auto">5:45</span></strong><strong><span data-contrast="auto"> </span></strong><strong><span data-contrast="auto">PM EDT</span></strong><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":259}"> </span></p> <p><em><span data-contrast="auto">Next Update is planned to</span></em><em><span data-contrast="auto"> </span></em><em><span data-contrast="auto">be published July 4</span></em><em><span data-contrast="auto">th</span></em><em><span data-contrast="auto"> in the</span></em><em><span data-contrast="auto"> </span></em><em><span data-contrast="auto">very late</span></em><em><span data-contrast="auto"> </span></em><em><span data-contrast="auto">evening EDT. The update will be published on the Kaseya.com support</span></em><em><span data-contrast="auto"> </span></em><em><span data-contrast="auto">website (link</span></em><em><span data-contrast="auto"> </span></em><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403440684689"><em><span data-contrast="none">here</span></em></a><em><span data-contrast="auto">)</span></em><em><span data-contrast="auto"> in advance of the email being sent. Checking this link is the fastest way to ensure that you have the latest information from Kaseya.</span></em><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="none">Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to </span><span data-contrast="none">our teams’ fast response, we believe that this has been localized to a very small number of on-</span><span data-contrast="none">premises customers only. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <p><em><span data-contrast="none">Our security, support R&D, communications, and customer teams continue to work around the clock</span></em><em><span data-contrast="none"> </span></em><em><span data-contrast="none">in all geographies</span></em><em><span data-contrast="none"> </span></em><em><span data-contrast="none">to resolve the issue and restore our customers to service.</span></em><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <p><span data-contrast="none">This update provides further detail on the July 4</span><span data-contrast="none">, </span><span data-contrast="none">2021</span><span data-contrast="none"> </span><span data-contrast="none">10:00AM EDT</span><span data-contrast="none"> </span><span data-contrast="none">and earlier updates</span><span data-contrast="none">. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <p><span data-contrast="none">Our efforts</span><span data-contrast="none"> </span><span data-contrast="none">have</span><span data-contrast="none"> </span><span data-contrast="none">shifted from root cause analysis and mitigating the vulnerability to beginning the execution of our service recovery plan. This plan will consist of the following stages:</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none">Communication of our phased recovery plan with SaaS first followed by on-premises customers</span><span data-contrast="none">. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul><ul><li> <ul><li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="2"> <span data-contrast="none">In the spirit of responsible disclosure, Kaseya will be publishing a summary of the attack and what we have done to mitigate it. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="2"> <span data-contrast="none">Some lightly-used legacy VSA functionality will be removed as part of this release out of an abundance of caution. A specific list of the functionality and its impact on VSA capabilities will be outlined in the release notes. </span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="2"> <span data-contrast="none">There will be new security measures implemented including enhanced security monitoring of our SaaS servers by FireEye and</span><span data-contrast="none"> </span><span data-contrast="none">enablement of enhanced WAF capabilities</span><span data-contrast="none">.</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="2"> <span data-contrast="none">We have successfully completed an external Vulnerability Scan, checked our SaaS Databases for Indicators of Compromise, and have had external security experts review our code to ensure a successful service restart</span><span data-contrast="none">.</span><br></li> </ul></li> </ul><ul><li> </li> </ul><ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none">SaaS Restoration Timeline Updates</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul><ul><li> <ul><li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="2"> <span data-contrast="none">Our executive committee plans to meet on</span><span data-contrast="none"> </span><span data-contrast="none">July 5</span><span data-contrast="none">th</span><span data-contrast="none"> at 5:00 AM UTC (12:00 AM EDT) to make a readiness decision on restarting SaaS within the following time windows:</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul></li> </ul><ul><li> <ul><li> <ul><li data-leveltext="" data-font="Wingdings" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="3"> <span data-contrast="none">EU, UK, & APAC Data Centers: July 5 - 9</span><span data-contrast="none">:</span><span data-contrast="none">00 AM UTC</span><span data-contrast="none"> – </span><span data-contrast="none">1:00 PM UTC</span><span data-contrast="none"> (</span><span data-contrast="none">4:00 AM EDT</span><span data-contrast="none"> – </span><span data-contrast="none">8:00 AM EDT)</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Wingdings" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="3"> <span data-contrast="none">North American Data Centers: July 5 - 5:00 PM</span><span data-contrast="none"> </span><span data-contrast="none">EDT – 10:00 PM EDT</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul></li> </ul></li> </ul><ul><li> <ul><li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="2"> <span data-contrast="none">These times/dates are subject to change and a status update will be posted on the website by 1:00 AM UTC as to whether we are adhering to the above schedule or</span><span data-contrast="none"> </span><span data-contrast="none">not. If not, we will publish a revised schedule at that time.</span><br></li> </ul></li> </ul><ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none">For our SaaS Users:</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul><ul><li> <ul><li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="2"> <span data-contrast="none">We will bring our SaaS data centers back on-line on a one-by-one basis starting with our EU</span><span data-contrast="none">, UK and APAC</span><span data-contrast="none"> data centers followed by our North American data</span><span data-contrast="none"> </span><span data-contrast="none">centers.</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="2"> <span data-contrast="auto">We will be adding an additional layer of security to our SaaS infrastructure which will change the underlying IP addresses of our VSA servers (the domain names/URLs will </span><span data-contrast="auto">not</span><span data-contrast="auto"> change). For almost all customers this change will be transparent. However if, </span><span data-contrast="auto">and only if</span><span data-contrast="auto">, you have whitelisted your Kaseya VSA server in your firewall(s), you will need to update the IP whitelist. We will provide the new IP addresses prior to returning to service.</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="4" data-aria-level="2"> <span data-contrast="none">Out of an abundance of caution, we have deleted all queued jobs that were pending as of the system shutdown on Friday</span><span data-contrast="none">. </span><span data-contrast="none">Once we have restored service, you can re-initiate those jobs should they be necessary.</span> </li> </ul></li> </ul><ul><li> </li> </ul><ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"> <span data-contrast="none">For our On-Premises Users</span><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul><ul><li> <ul><li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="2"> <span data-contrast="auto">We are currently building our on-premises release to make available to customers. We will begin the </span><span data-contrast="none">communication of the on-premises release process on July 5</span><span data-contrast="none">th</span><span data-ccp-props="{"134233117":true,"201341983":0,"335559739":120,"335559740":240}"> </span> </li> <li data-leveltext="o" data-font="Courier New" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="2"> <span data-contrast="none">We are working on a program to enable us to extend our new security measures to our on-premise customers. Most details for this will be available prior to the release of the on-premises patch.</span><span data-ccp-props="{"134233117":true,"201341983":0,"335559739":120,"335559740":240}"> </span> </li> </ul></li> </ul><ul><li> </li> </ul><p><strong><span data-contrast="none">Continued Advisory</span></strong><span data-ccp-props="{"201341983":0,"335559739":120,"335559740":259}"> </span></p> <ul><li> <span data-contrast="none">All On-Premises VSA Servers should continue to remain offline until further instructions from Kaseya about when it is safe to restore operations. A patch will be required to be installed prior to restarting the VSA and a set of recommendations on how to increase your security posture</span><span data-contrast="none">.</span><span data-ccp-props="{"134233117":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"> <strong><span data-contrast="none">We have been advised by our outside experts, that customers who experienced ransomware and receive communication from the attackers should not click on any links -- they may be weaponized.</span></strong><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"> <span data-contrast="none">The new Compromise Detection Tool can be download at the following link: </span><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.app.box.com%2Fs%2F0ysvgss7w48nxh8k1xt7fqhbcjxhas40"><span data-contrast="none">VSA Detection Tools.zip | Powered by Box</span></a><span data-contrast="auto"> This tool analyzes a system (either VSA server or managed endpoint) and determines whether any indicators of compromise (IoC) are present.</span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul><p><strong><span data-contrast="auto">July 4, 2021 5:00 PM EDT </span></strong></p> <div>We are working on a status update which will be posted here shortly.</div> <p><strong><span data-contrast="auto">July 4, 2021 10:00</span></strong><strong><span data-contrast="auto"> </span></strong><strong><span data-contrast="auto">AM EDT</span></strong><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":259}"> </span></p> <p><span data-contrast="auto">Latest Updates will be published at: </span><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403440684689">Important Notice July 3rd, 2021 – Kaseya</a> </p> <p><em><span data-contrast="auto">Next Update will be published July 4</span></em><em><span data-contrast="auto">th</span></em><em><span data-contrast="auto"> in the early afternoon EDT</span></em><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="none">Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to </span><span data-contrast="none">our teams’ fast response, we believe that this has been localized to a very small number of on-</span><span data-contrast="none">premises customers only. </span><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":259}"> </span></p> <p>Our security, support R&D, communications, and customer teams continue to work around the clock in all geographies through the weekend to resolve the issue and restore our customers to service. </p> <p> </p> <p><span data-contrast="none">This update provides further detail on the July 3, 2021 7:30 PM EDT and 9:00 PM EDT updates</span><span data-contrast="none">. </span>The changes are underlined for clarity. </p> <p><strong><span data-contrast="none">Continued Advisory</span></strong><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":259}"> </span></p> <ul><li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none">SaaS & Hosted VSA Servers will become operational once Kaseya has determined that we can safely restore operations.</span><span data-contrast="none"> </span>We are in the process of formulating a staged return to service of our SaaS server farms with restricted functionality and a higher security posture (estimated in the next 24-48 hours but that is subject to change) on a geographic basis. More details on both the limitations, security posture changes, and time frame will be in the next communique later today. </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"> <span data-contrast="none">All On-Premises VSA Servers should continue to remain offline until further instructions from Kaseya about when it is safe to restore operations. A patch will be required to be installed prior to restarting the VSA</span><span data-contrast="none"> </span>and a set of recommendations on how to increase your security posture. </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"> <strong><span data-contrast="none">We have been advised by our outside experts, that customers who experienced ransomware and receive communication from the attackers should not click on any links -- they may be weaponized.</span></strong><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul><p><strong><span data-contrast="none">Key Points on Current Status:</span></strong><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":259}"> </span></p> <ul><li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> The new Compromise Detection Tool was rolled out last night to almost 900 customers who requested the tool. Based on feedback from customers, we will be publishing an update to the tool this morning that improves its performance and usability. <strong>There are no changes that will require you to re-run the tool on systems that you have already scanned.</strong> <br> <br>This new version of the Compromise Detection Tool will be automatically sent to customers who received the first version. New requests can be made by sending an email to <a rel="nofollow" href="mailto:support@kaseya.com">support@kaseya.com</a> with the subject “Compromise Detection Tool Request”. </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1">We will be opening up a private download site for end customers to get access to the Compromise Detection Tool once we have ensured the security, integrity, and trackability of the download process. More about this in the next update. </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"> <span data-contrast="auto">We continue to work with FireEye Mandiant IR</span><span data-contrast="auto"> </span><span data-contrast="auto">(a leading computer incident response firm</span><span data-contrast="auto">) </span><span data-contrast="auto">on the security incident</span><span data-contrast="auto">. </span>Our joint efforts have not identified any new IoCs since yesterday and we have deployed our Compromise Detection Tool at hundreds of customers. At this point, no “False Positives” have been reported by users. [Note: A “False Positive” indicates that the Compromise Detection Tool incorrectly classifies a system as impacted when it wasn’t] </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1"> <span data-contrast="auto">We have been actively engaged with </span>FireEye<span data-contrast="auto"> and </span>other security assessment firms<span data-contrast="auto"> to assess the manner and impact of the attack to ensure that our R&D organization has properly identified and mitigated the vulnerability. </span><span data-contrast="auto"> </span><span data-contrast="auto">We are continuing the investigation in parallel with the remediation steps.</span><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="5" data-aria-level="1">R&D has replicated the attack vector and the mitigation work is in progress. We expect to complete the work in the next 24-48 hours and the testing is progressing in parallel. </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="6" data-aria-level="1">Fred Voccola, CEO of Kaseya, was interviewed regarding this incident on Good Morning America on the ABC network on Sunday, July 4th. The interview was significantly edited down from the full interview that Fred gave. The short message was: “We are confident we know how it happened and we are remediating it.” </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="7" data-aria-level="1"> We have engaged with the FBI and DHS CISA and are working with them on an incident-handling process for our worldwide customers impacted by the cyberattack. The following message will be posted to the FBI website: <br> <br>“If you feel your systems have been compromised as a result of the Kaseya ransomware incident, we encourage you to employ all recommended mitigations, follow Kaseya's guidance [LINK 'Kaseya's guidance' TO <a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.kaseya.com%2Fpotential-attack-on-kaseya-vsa">https://www.kaseya.com/potential-attack-on-kaseya-vsa</a>] to shut down your VSA servers immediately, and report your compromise to the FBI at <a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.ic3.gov%2F">https://www.IC3.gov</a>. Due to the potential scale of this incident, we may be unable to respond to each victim individually but all information we receive will be useful in countering this threat.”<span data-ccp-props="{"201341983":0,"335559739":360,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="8" data-aria-level="1"> <span data-contrast="auto">At this time, we believe that none of our NOC customers </span><span data-contrast="auto">(</span><span data-contrast="auto">neither SaaS nor on-premises</span><span data-contrast="auto">) </span><span data-contrast="auto">were affected by the attack.</span><span data-contrast="auto"> </span>We’re continuing to investigate, but no compromised NOC customers have been found as of July 4th at 10:00 AM EDT. </li> <li data-leveltext="" data-font="Symbol" data-listid="1" aria-setsize="-1" data-aria-posinset="9" data-aria-level="1"> <span data-contrast="auto">Kaseya executives are directly reaching out to impacted customers to understand their situations and what assistance is possible. If you believe that you have been impacted, please contact </span><a rel="nofollow" href="mailto:support@kaseya.com"><span data-contrast="none">support@kaseya.com</span></a><span data-contrast="auto"> with the subject “Security Incident Report</span><strong><span data-contrast="auto">.” </span></strong><strong>There have been</strong><strong> </strong><strong>no new reports of compromises</strong><strong> </strong><strong>since our last report yesterday</strong>.<span data-contrast="auto"> </span> <span data-contrast="auto">We are confident we understand the scope of the issue and are partnering with each client to do everything possible to remediate. We believe that there is zero related risk right now for any VSA client who is a SaaS customer or on-premises VSA customer who has their server offline</span><span data-contrast="auto">. </span><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":240}"> </span> </li> </ul><p><strong><span data-contrast="auto">July 3, 2021 9:00 PM EDT</span></strong><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":259}"> </span></p> <p><span data-contrast="auto">Latest Updates will be published at: </span><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403440684689"><span data-contrast="none">Important Notice July 3rd, 2021 – Kaseya</span></a><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="none">Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to </span><span data-contrast="none">our teams’ fast response, we believe that this has been localized to a very small number of on-</span><span data-contrast="none">premises customers only. </span><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":259}"> </span></p> <p><span data-contrast="none">This update provides further detail on the 1:30 PM EDT update. </span>The changes are underlined for clarity. </p> <p><strong><span data-contrast="none">Key Points on Current Status:</span></strong><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":259}"> </span></p> <ul><li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none">All On-Premises VSA Servers should continue to remain offline until further instructions from Kaseya about when it is safe to restore operations. A patch will be required to be installed prior to restarting the VSA. We plan to give our first time estimate in tomorrow mornings update at approximately 9:00 AM EDT.</span><span data-ccp-props="{"134233117":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"> <span data-contrast="none">SaaS & Hosted VSA Servers will become operational once Kaseya has determined that we can safely restore operations.</span><span data-ccp-props="{"134233117":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"> <strong><span data-contrast="none">We have been advised by our outside experts, that customers who experienced ransomware and receive communication from the attackers should not click on any links -- they may be weaponized.</span></strong><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1">A new Compromise Detection Tool will be available to Kaseya VSA customers <strong>later this evening</strong> to help you assess your (or your client’s) systems status. Request by sending an email to <a rel="nofollow" href="mailto:support@kaseya.com">support@kaseya.com</a> with the subject “Compromise Detection Tool Request”. </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="5" data-aria-level="1">With the availability of the Compromise Detection tool, we strongly recommend that compromised customers immediately begin the recovery process. </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="6" data-aria-level="1">Fred Voccola, CEO of Kaseya, will be interviewed regarding this incident on Good Morning America on the ABC network on Sunday, July 4th. Please consult your local TV listings for times in your region. (This is subject to last minute rescheduling by the network) </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="7" data-aria-level="1"> <span data-contrast="auto">Kaseya executives are directly reaching out to impacted customers to understand their situations and what assistance is possible. If you believe that you have been impacted, please contact </span><a rel="nofollow" href="mailto:support@kaseya.com"><span data-contrast="none">support@kaseya.com</span></a><span data-contrast="auto"> with the subject “Security Incident Report.” </span>There has been only one new report of a compromise occurring today due to a VSA on-premises server being left on. We are confident we understand the scope of the issue and are partnering with each client to do everything possible to remediate. We believe that there is zero related risk right now for any VSA client who is a SaaS customer or on-prem VSA customer who has their server off. </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="8" data-aria-level="1"> <span data-contrast="auto">We have engaged a computer incident response firm (</span>FireEye Mandiant IR<span data-contrast="auto">) to identify the indicators of compromise (IoCs) to ensure that we can identify which systems and data were accessed. </span>We have identified a set of preliminary IoCs and have been working with our affected customers to validate them. The availability of the Compromise Detection Tool) is based on our interactions with our outside experts. </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="9" data-aria-level="1"> <span data-contrast="auto">We have been actively engaged with </span>FireEye<span data-contrast="auto"> and </span>other security assessment firms<span data-contrast="auto"> to assess the manner and impact of the attack to ensure that our R&D organization has properly identified and mitigated the vulnerability. </span><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="10" data-aria-level="1"> <span data-contrast="auto">R&D has replicated the attack vector and is working on mitigating it. </span>We have begun the process of remediating the code and will include regular status updates on our progress starting tomorrow morning. We will begin working with select customers to field test the changes once we have completed the work and tested it thoroughly in our environment.<span data-contrast="auto"> We will not publish a resolution timeframe until we have thoroughly validated and tested the proposed solution. </span><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="11" data-aria-level="1"> <span data-contrast="auto">At this time, we believe that none of our NOC customers (neither SaaS nor on-premises) were affected by the attack. </span>We’re continuing to investigate this, but no compromised NOC customers have been found as of 7:00 PM EDT. </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="12" data-aria-level="1"> <span data-contrast="auto">We have engaged with the FBI and are working with them on an incident-handling process for our worldwide customers impacted by the cyberattack. </span><span data-ccp-props="{"201341983":0,"335559739":0,"335559740":240}"> </span> </li> </ul><h3 data-id="the-next-update-will-be-sunday-july-4th-at-9-am-edt">The next update will be Sunday, July 4th at 9 am EDT.</h3> <p><strong><span data-contrast="auto">July 3, 2021 1:30 PM EDT</span></strong><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":259}"> </span></p> <p><span data-contrast="auto">Latest Updates will be published at: </span><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fkaseya%2Fhc%2Fen-gb%2Farticles%2F4403440684689"><span data-contrast="none">Important Notice July 3rd, 2021 – Kaseya</span></a><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="none">Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to our teams’ fast response, we believe that this has been localized to a very small number of on-premises customers only. </span><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":259}"> </span></p> <p><span data-contrast="auto">Kaseya is progressing on the security incident along multiple workstreams:</span><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":259}"> </span></p> <ul><li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none">Since the security of our customers is paramount, </span><strong><span data-contrast="none">we are continuing to strongly recommend that our on-premises customers’ VSA servers remain offline until further notice</span></strong><span data-contrast="none">. We will also keep our SaaS servers offline until further notice. </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":360,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"> <strong><span data-contrast="none">We have been advised by our outside experts, that customers who experienced ransomware and receive communication from the attackers should not click on any links -- they may be weaponized. </span></strong><span data-contrast="none"> </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559739":360,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"> <span data-contrast="auto">We have engaged with the FBI and are working with them on an incident handling process for our worldwide customers impacted by the cyberattack. We will be publishing a list of contacts later today.</span><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1"> <span data-contrast="auto">Kaseya executives are directly reaching out to impacted customers to understand their situations and what assistance is possible. If you believe that you have been impacted, please contact </span><a rel="nofollow" href="mailto:support@kaseya.com"><span data-contrast="none">support@kaseya.com</span></a><span data-contrast="auto"> with the subject “Security Incident Report.”</span><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="5" data-aria-level="1"> <span data-contrast="auto">We continue to engage with Industry experts to assess the manner and impact of the attack to ensure that our R&D organization has properly identified and mitigated the vulnerability. </span><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="6" data-aria-level="1"> <span data-contrast="auto">R&D has replicated the attack vector and is working on mitigating it. We will not publish a resolution timeframe until we have thoroughly validated and tested the proposed solution. We appreciate your patience.</span><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="7" data-aria-level="1"> <span data-contrast="auto">We have engaged a computer forensics firm to identify the indicators of compromise (IOCs) to ensure that we can identify which systems and data were accessed. </span><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="auto">R&D is working on a self-assessment tool for our customers, to enable them to definitively determine whether they were affected. This will be published as part of the patch for on-premises customers.</span><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"> <span data-contrast="auto">At this time, we believe that none of our NOC customers (neither SaaS nor on-premises) were affected by the attack. We’re continuing to investigate this.</span><span data-ccp-props="{"201341983":0,"335559739":360,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"> <strong><span data-contrast="none">ALL ON-PREMISES VSA SERVERS SHOULD CONTINUE TO REMAIN OFFLINE UNTIL FURTHER INSTRUCTIONS FROM KASEYA ABOUT WHEN IT IS SAFE TO RESTORE OPERATIONS. A PATCH WILL BE REQUIRED TO BE INSTALLED PRIOR TO RESTARTING THE VSA.</span></strong><br></li> <li data-leveltext="" data-font="Symbol" data-listid="3" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1"> <strong><span data-contrast="none">SAAS & HOSTED VSA SERVERS WILL BECOME OPERATIONAL ONCE KASEYA HAS DETERMINED THAT WE CAN SAFELY RESTORE OPERATIONS.</span></strong><span data-ccp-props="{"134233117":true,"201341983":0,"335559739":180,"335559740":240}"> </span> </li> </ul><p><strong><span data-contrast="auto">JULY 3, 2021 10:00 AM EDT</span></strong><span data-contrast="auto"> </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559685":540,"335559740":240}"> </span></p> <p><span data-contrast="auto">Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to our teams’ fast response, we believe that this has been localized to a very small number of on-premises customers only. </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559685":540,"335559740":240}"> </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559685":540,"335559740":240}"> </span></p> <p><span data-contrast="auto">Since the security of our customers is paramount, </span><strong><span data-contrast="auto">we are continuing to strongly recommend that our on-premises customers’ VSA servers remain down until further notice</span></strong><span data-contrast="auto">. We will also keep our SaaS servers offline until further notice. </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559685":540,"335559740":240}"> </span></p> <p><strong><span data-contrast="auto">We have been advised by our outside experts, that customers who experienced ransomware and receive communication from the attackers should not click on any links -- they may be weaponized. </span></strong><span data-contrast="auto"> </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559685":540,"335559740":240}"> </span></p> <p><span data-contrast="auto">Kaseya has been working </span><strong><span data-contrast="auto">around the clock</span></strong><span data-contrast="auto"> to resolve this issue from a security assessment, client support, progress update, technical resolution, and return to operational status standpoint. </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559685":540,"335559740":240}"> </span></p> <p><span data-contrast="auto">A comprehensive update is in progress and will be published later this morning (EDT). This communication will include prescriptive information on: </span><br></p> <ul><li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="auto">The external authorities (FBI, Incident Response Experts) that we have engaged and how we are leveraging them for assistance; </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"> <span data-contrast="auto">How our customers can engage Kaseya for assistance and what we can do to help; </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"> <span data-contrast="auto">How to determine whether customers have been compromised; </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1"> <span data-contrast="auto">Status updates from R&D on the progress of the patch for on-premises users; </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1"> <span data-contrast="auto">The plan to bring our SaaS and on-premises customers back online; </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1"> <span data-contrast="auto">A detailed description of the Security Incident process and current status; </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1"> <span data-contrast="auto">A schedule for communications updates; </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559740":240}"> </span> </li> <li data-leveltext="" data-font="Symbol" data-listid="6" aria-setsize="-1" data-aria-posinset="4" data-aria-level="1"> <span data-contrast="auto">Other important information about the recovery process. </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559740":240}"> </span> <span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559685":540,"335559740":240}"> </span> </li> </ul><p><span data-contrast="auto">Ongoing updates will be provided every 3-4 hours or more often based on breaking details. </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559685":540,"335559740":240}"> </span></p> <ol><li data-leveltext="%1." data-font="Calibri" data-listid="8" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"> <span data-contrast="none">ALL ON-PREMISEs VSA SERVERS SHOULD CONTINUE TO REMAIN OFFLINE UNTIL FURTHER INSTRUCTIONS FROM KASEYA.</span><span data-contrast="none"> </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559740":240}"> </span> </li> </ol><ol><li data-leveltext="%1." data-font="Calibri" data-listid="8" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"> <span data-contrast="none">SAAS & HOSTED VSA SERVERS WILL BECOME OPERATIONAL ONCE KASEYA HAS DETERMINED THAT WE CAN SAFELY RESTORE OPERATIONS.</span><span data-contrast="none"> </span><span data-ccp-props="{"134233117":true,"134233118":true,"201341983":0,"335559740":240}"> </span> </li> </ol><p><strong><u>KASEYA VSA UPDATE – 11:00 PM EDT</u></strong></p> <ol><li>ALL ON-PREMISE VSA SERVERS SHOULD CONTINUE TO REMAIN DOWN UNTIL FURTHER INSTRUCTIONS FROM KASEYA ABOUT WHEN IT IS SAFE TO RESTORE OPERATIONS. A PATCH WILL BE REQUIRED TO BE INSTALLED PRIOR TO RESTARTING THE VSA.<br><br></li> <li>SAAS & HOSTED VSA SERVERS WILL BECOME OPERATIONAL ONCE KASEYA HAS DETERMINED THAT WE CAN SAFELY RESTORE OPERATIONS.</li> </ol><p>SEE UPDATE BELOW (10:00 PM EDT) FOR MORE INFORMATION ON THE INCIDENT</p> <p><u>THE NEXT UPDATE WILL BE AT APPROXIMATELY 9:00 AM EDT ON SATURDAY 7/3/2021 </u></p> <p><strong><u>KASEYA VSA UPDATE – 10:00 PM EDT</u></strong></p> <p>Beginning around mid-day (EST/US) on Friday, July 2, 2021, Kaseya’s Incident Response team learned of a potential security incident involving our VSA software. </p> <p>We took swift actions to protect our customers: </p> <ul><li> Immediately shut down our SaaS servers as a precautionary measure, even though we had not received any reports of compromise from any SaaS or hosted customers; </li> <li> Immediately notified our on-premises customers via email, in-product notices, and phone to shut down their VSA servers to prevent them from being compromised. </li> </ul><p>We then followed our established incident response process to determine the scope of the incident and the extent that our customers were affected. </p> <ul><li> We engaged our internal incident response team and leading industry experts in forensic investigations to help us determine the root cause of the issue; </li> <li> We notified law enforcement and government cybersecurity agencies, including the FBI and CISA. </li> </ul><p>While our early indicators suggested that only a very small number of on-premises customers were affected, we took a conservative approach in shutting down the SaaS servers to ensure we protected our more than 36,000 customers to the best of our ability. We have received positive feedback from our customers on our rapid and proactive response. </p> <p>While our investigation is ongoing, to date we believe that: </p> <ul><li> <div>Our SaaS customers were never at-risk. We expect to restore service to those customers once we have confirmed that they are not at risk, which we expect will be within the next 24-48 hours;</div> </li> <li> Only a very small percentage of our customers were affected – currently estimated at fewer than 40 worldwide. </li> </ul><p>We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it for our on-premises customers that will be tested thoroughly. We will release that patch as quickly as possible to get our customers back up and running. </p> <p>I am proud to report that our team had a plan in place to jump into action and executed that plan perfectly today. We’ve heard from the vast majority of our customers that they experienced no issues at all, and I am grateful to our internal teams, outside experts, and industry partners who worked alongside us to quickly bring this to a successful outcome. </p> <p>Today’s actions are a testament to Kaseya’s unwavering commitment to put our customers first and provide the highest level of support for our products. </p> <p>Fred Voccola, CEO<br>Kaseya</p> <p><strong><u>KASEYA VSA UPDATE – 4:00 PM EDT</u></strong></p> <p>We are experiencing a potential attack against the VSA that has been limited to a small<br>a number of on-premise customers only as of 2:00 PM EDT today.</p> <p>We are in the process of investigating the root cause of the incident with an abundance<br>of caution <strong><u>but we recommend that you IMMEDIATELY shutdown your VSA server until<br>you receive further notice from us</u></strong>.</p> <p><strong><u>It's critical that you do this immediately because one of the first things the attacker does<br>is shutoff administrative access to the VSA.</u></strong></p> <p> </p> </article> </main>