Kaseya releases patch and restores services following REvil ransomware attack

Kaseya Ltd. has released a patch and restored services some 10 days after its software was targeted by the REvil ransomware gang.

A patch has been released for Kaseya VSA On-Premises customers and has been deployed to VSA software-as-a-service infrastructure. The VSA 9.5.7a (9.5.7.2994) update fixes three zero-day vulnerabilities, those heretofore undiscovered, that were used in the REvil ransomware attacks.

On its rolling updates, Kaseya said this morning that SaaS customers were now back up and running, although the service suffered issues during the day. As of an update at 12:15 p.m. EDT, “unplanned maintenance” resulting in downtime occurred. Kaseya said the maintenance was the result of a “large number of users coming back online in a short window,” resulting in some performance issues.

Although services may have been restored for Kaseya VSA SaaS customers, it may take some time for On-Premises customers such as managed service providers to apply the update and restore services to their customers.

The news will be a relief for many customers, but the issues for Kaseya are likely to continue. The problem for Kaseya is that it has some culpability for not taking adequate steps to protect its software from attack.

On July 11, by the Dutch Institute for Vulnerability Disclosure revealed that a vulnerability it had informed Kaseya of in April had not been patched despite assurances from the company it had. The vulnerability discovered by DIVD was one of three vulnerabilities exploited by REvil.

Then it got worse. Over the weekend, five former employees claimed that Kaseya knew of critical flaws in their software but ignored them. The employees said they flagged wide-ranging cybersecurity concerns to company leaders between 2017 and 2020, but they were not fully addressed.

The former employees identified serious issues, including software using outdated code, weak encryption and passwords through the company’s products and servers, a failure to adhere to basic cybersecurity practices such as regularly patching software and a focus on sales over other priorities.

Kaseya may face issues with regulations such as European Union General Data Protection Regulation and the California Consumer Privacy Act if those accusations are true.

The attack also continues to have geopolitical considerations after The White House, July 6 vowed to take action against Russia if the attack was linked to the country. U.S. President Joe Biden spoke to Russian President Putin on July 9, when he underscored the need for Russia to disrupt ransomware groups operating in the country.

Image: Kaseya