Ward Off Ransomware Attacks, Kaseya Adds Security Measures For Clients

Kaseya CEO Fred Voccola, emphasized that his company is ready to accommodate complaints against ransomeware 24 hours. (photo: screenshot)

JAKARTA - Software vendor Kaseya said additional security measures were being put in place to protect its clients. This was done after the weekend or 4th of July ransomware attacks appeared almost all over the world.

The attack affected approximately 60 MSP customers who supply IT management services and up to 1.500 of Kaseya's clients. The company implements an independent security operations center 24/7 for each VSA server.

Each central server will have the ability to quarantine and isolate files and entire VSA servers. Kaseya also created a content delivery network with a web application firewall available for each VSA server.

Meanwhile, customers who whitelisted IPs will be asked to whitelist additional IPs. Kaseya posted an article on his website Tuesday, July 6, which offers additional background on security measures.

The REvil attack affected a vulnerable local version of the company's VSA remote IT management software and not the software version as a service. But Kaseya downgraded both versions as a precautionary measure.

In Tuesday's midday update, Kaseya said they hope to bring its SaaS servers back online between 4 p.m. and 7 p.m.

"Our local patch timeline is 24 hours (or less) from SaaS service recovery. We're focused on collapsing this timeframe to a minimum - but if any issues are discovered during a SaaS spin-up, we'd like to fix them before bringing our local customers in", said Fred Voccola, CEO of Kaseya, in a press release.

Kaseya emphasized that customers who experience ransomware attacks and receive communications from attackers should not click on any links as they trigger the attack.

On the evening of Monday, July 6, Kaseya reported that 60 of its customers had been compromised by ransomware exploiting an unpatched vulnerability. The customer is supplying IT management services to others, including up to 1.500 organizations that are thought to have been affected by the attack

Eastern European criminal group REvil, aka Sodinokibi, used ransomware code to target affiliate businesses linked to customers of managed service provider Kaseya. The types of businesses affected by the attacks included dentist offices, small accounting offices, restaurants, and others.

Attackers affiliated with the REvil group claim to have attacked 1 million organizations. On July 5, the criminal gang began demanding USD 70 million in bitcoins for a universal decryption tool that it said would decrypt all victims' files. As of Monday evening, that figure had been reduced to USD 50 million.