Kaseya has had to put off re-starting cloud service of its VSA remote IT monitoring service and releasing a fix for the on-premise version to Sunday, meaning customers will have been without the online service for over nine days.
The company had thought service would be restored tonight after several delays. Buy in a video statement released Wednesday night, company CEO Fred Voccola said the target is now 4 p.m. Eastern on July 11. It is a time “we are very confident on,” he added.
“We felt comfortable with the release [set for Thursday], so did the third party engineers we’ve been working with as well as our own IT people (but) they made some suggestions to put additional layers of protection in there for things we might not be able to foresee.
“This was probably the hardest decision I have had to make in my career, and we decided to pull it for an additional three and a half days … to make sure it is hardened as much as we feel we can do for our customers. Every software product has vulnerabilities and flaws. It’s our job to make sure we‘re doing everything we can so they don’t impact you…. I feel extremely confident that this Sunday, 4 o’clock Eastern, we will have customers back online, both cloud and online.”
Meanwhile, a detailed preparation runbook for IT administrators using the on-prem version of the suite has emailed to customers with instructions on how to isolate their VSA servers from the network and the internet before installing the patch, and how to add a new FireEye agent to increase security.
The company’s CTO will also give regularly scheduled video briefings for IT staff needing additional technical information.
He also promised direct financial assistance for managed service provider customers who have been “crippled” by not being able to offer service to their customers, as well as help for those facing payment problems.
“The fact we had to take down VSA (last Friday) is very disappointing to me,” he added. “I feel like I let the community down, I let my company down, our company let you down.”
The REvil ransomware gang began attacking organizations using the on-premise version of VSA last Friday, apparently taking advantage of vulnerabilities in the suite that Kaseya had been warned about and was in the middle of fixing.
Kaseya estimates that some 60 managed service providers and 1,500 of their customers and individual organizations were hit by ransomware. For unknown reasons, these were straight ransomware attacks — no data was stolen.
REvil has tailored its ransomware demands, asking the equivalent in digital currency of $5 million from MSPs, about $44.000 from individual organizations and $70 million for what it calls a universal decryptor.
Separately, in an interview, an official of BDO Canada, a business consultancy, said the attack shows that organizations have to be better prepared to face cyber attacks. Vivek Gupta, a partner and cybersecurity leader at the firm, said many Canadian small and medium-sized businesses still don’t take cybersecurity seriously. That includes evaluating the risks of third-party partners and having incident response and business continuity plans.