We are monitoring a REvil 'supply chain' attack outbreak, which seems to stem from a malicious Kaseya update. REvil binary C:\Windows\mpsvc.dll is side-loaded into a legit Microsoft Defender copy, copied into C:\Windows\MsMpEng.exe to run the encryption from a legit process.
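An added detection sketch for the side-loading pattern described in the post above (not part of the original post or of any vendor's tooling): it scans image-load records for `MsMpEng.exe` running outside Microsoft Defender's usual directories, or pulling `mpsvc.dll` from such a location. The `host|Image=...|ImageLoaded=...` record format, the host names, the Defender version string and the list of expected directories are assumptions made for the example.

```python
import ntpath

# Directories where Microsoft Defender's MsMpEng.exe normally lives
# (assumption: default install locations; adjust for your fleet).
EXPECTED_DIRS = (
    r"c:\program files\windows defender",
    r"c:\programdata\microsoft\windows defender\platform",
)
HOST_EXE = "msmpeng.exe"    # legitimate Defender executable used as the loader
PAYLOAD_DLL = "mpsvc.dll"   # DLL the loader picks up from its own directory

# Constructed image-load records (hypothetical export format, not real telemetry).
_PLATFORM = r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0"
SAMPLE_EVENTS = [
    "WS01|Image=" + _PLATFORM + r"\MsMpEng.exe|ImageLoaded=" + _PLATFORM + r"\mpsvc.dll",
    r"WS02|Image=C:\Windows\MsMpEng.exe|ImageLoaded=C:\Windows\mpsvc.dll",
    r"WS03|Image=C:\Program Files\Windows Defender\MsMpEng.exe"
    r"|ImageLoaded=C:\Windows\System32\kernel32.dll",
    r"WS04|Image=c:\windows\MSMPENG.EXE|ImageLoaded=C:\Windows\System32\ntdll.dll",
    r"WS05|Image=C:\Program Files\Windows Defender Backup\MsMpEng.exe"
    r"|ImageLoaded=C:\Program Files\Windows Defender Backup\mpsvc.dll",
    "WS06|truncated record",
]


def _norm(path):
    """Lower-case and collapse '..' or '/' so comparisons are not fooled by spelling."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def in_expected_dir(path):
    """True if the file sits in, or below, one of the expected Defender directories."""
    directory = ntpath.dirname(_norm(path))
    return any(directory == d or directory.startswith(d + "\\") for d in EXPECTED_DIRS)


def parse_event(line):
    """Split one record into (host, image, image_loaded); None if fields are missing."""
    host, *fields = line.split("|")
    kv = dict(f.split("=", 1) for f in fields if "=" in f)
    if "Image" not in kv or "ImageLoaded" not in kv:
        return None
    return host, kv["Image"], kv["ImageLoaded"]


def find_sideloads(lines):
    """Return one finding per record where the Defender binary runs out of place."""
    findings = []
    for line in lines:
        parsed = parse_event(line)
        if parsed is None:
            continue  # malformed record: skip rather than guess
        host, image, loaded = parsed
        if ntpath.basename(_norm(image)) != HOST_EXE:
            continue
        reasons = []
        if not in_expected_dir(image):
            reasons.append("MsMpEng.exe running outside Defender directories")
        if ntpath.basename(_norm(loaded)) == PAYLOAD_DLL and not in_expected_dir(loaded):
            reasons.append("mpsvc.dll loaded from outside Defender directories")
        if reasons:
            findings.append(
                {"host": host, "image": image, "loaded": loaded, "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for finding in find_sideloads(SAMPLE_EVENTS):
        print(finding["host"], finding["image"], "; ".join(finding["reasons"]))
```

A path check of this kind ignores file signatures, so a hit is a lead to confirm by hashing the DLL and reviewing how the executable arrived in that directory.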
“The REvil ransomware gang is asking for $70 million for a universal decryptor that can unlock all computers locked. In a message the REvil gang took credit for the attack and claimed they locked more than one million systems during the Kaseya incident.” therecord.media/revil-gang-asks-70-million-to-decrypt-systems-locked-in-kaseya-attack/
r/t REvil ransomware rampages following Kaseya supply-chain attack grahamcluley.com/revil-ransomware-rampages-following-kaseya-supply-chain-attack/
Hello! Wake up - this is a problem of global scale... The ransomware group REvil has focused its attack on Kaseya VSA, software used by large companies and technology-service providers to manage and distribute software updates www.wsj.com/articles/ransomware-group-behind-meat-supply-attack-threatens-hundreds-of-new-targets-11625285071
Well over 1,000 companies across the globe may have been affected by a ransomware attack that targeted software firm Kaseya, as hackers demand $70 million to undo the damage.
A spokesperson for Kaseya told FOX Business on Monday that less than 60 of its customers had been affected, but between 800 and 1,500 of those companies’ customers may have been reached.
As previously reported by FOX Business, the hackers targeted trusted support service providers in the hopes of penetrating customer networks. One of Kaseya’s tools was used to infect companies.
A spokesperson for Huntress Labs, the cybersecurity firm that is working with companies in response to the attack, told FOX Business that it is tracking more than 30 managed service providers across the U.S., European Union, Australia and Latin America where the tool was used to target "well over 1,000 businesses."
Experts at Huntress said they "strongly" believe the ransomware attack was spearheaded by REvil/Sodinokibi. REvil is the group that was named as responsible for another massive attack on critical U.S. infrastructure earlier this year.
While the hackers have demanded $70 million to restore systems, Reuters reported on Monday that they were willing to negotiate.
The team at Kaseya has said they have been able to replicate the attack vector and are working on distributing a patch. The company also said they are working with the FBI.
Read full article at Fox Business
05 July, 2021 - 10:06pm
Why it matters: The hack is the latest and most dramatic in a series of high-profile ransomware attacks this year, exposing the pandemic-style threat that this type of cybercrime poses to companies and governments around the world.
Details: Hundreds of companies were directly hit by the supply-chain attack on Kaseya's VSA software, which provides IT services to small and medium-sized businesses, according to CNET. At least 36,000 companies were indirectly impacted.
The Coop, one of Sweden's largest grocery chains, had to close 800 of its stores, according to the New York Times.
Kaseya said in a Sunday night update that its executive committee will meet Monday morning "with a goal of starting the restoration process to bring our datacenters online by end of day on July 5," though it cautioned that this timeline could change.
What they're saying: "This is without a doubt going to turn out to be the biggest most destructive ransomware campaign that we’ve seen so far," tweeted Dmitri Alperovitch, co-founder and former chief technology officer of cybersecurity firm Crowdstrike.
"Huge number of victims all over the world. Entire networks encrypted. No way to decrypt today without paying millions per network of any significant size."
The latest: The $70 million ransomware demand was posted to a dark-web blog typically used by REvil, the Russia-linked cybercrime gang behind the attack that crippled the U.S. operations of meat processor JBS.
The White House said in a statement Sunday that President Biden has "directed the full resources of the government to investigate this incident," and urged businesses to adopt recommendations released last month to shore up their cyber defenses.
The FBI asked businesses to report whether their systems have been compromised, but cautioned that it may not be able to respond to each victim individually "[d]ue to the potential scale of this incident."
Our thought bubble: Coming just two weeks after President Biden's personal warning to Vladimir Putin during the Geneva summit, the attack looks like the Russians thumbing their nose at the tough talk.
"The initial thinking was it was not the Russian government, but we're not sure yet," Biden told reporters on Saturday. "If it is either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond."
Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit. An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said. REvil was demanding ransoms of up to $5 million, the researchers said.
Joe Biden isn't being tough enough on Russian President Vladimir Putin, critics claim after a new cyber attack by Kremlin-linked hackers hit up to 1 million companies and demanded $70 million in cryptocurrency to fix it.
'Bad actors like these are emboldened when President Biden projects weakness on the world stage,' Georgia Representative Buddy Carter told DailyMail.com.
He added: 'We should take immediate action to hold Russia accountable and make it clear we will not tolerate acts of cyber terrorism.'
The president told his Russian counterpart last month that he would retaliate against hacking groups that target the U.S., and on Saturday told reporters that he will retaliate against the ransomware attack.
'This marks a serious escalation just weeks after Putin-Biden summit on ransomware,' New York Times cybersecurity reporter Nicole Perlroth tweeted Saturday.
'Not only is this a supply chain attack on MSPs,' she continued, 'they broke in via a zero day, a significant advance for REvil which has traditionally compromised victims through usual means of phishing, etc.'
Biden has instructed the FBI to launch an investigation into the hack, but insists that he and the intelligence community are still 'not sure who' is behind the cyberattack.
In mid-June, Biden held a bilateral meeting in Geneva where he gave Putin a list of 16 critical infrastructure entities that are 'off limits.'
Those entities include energy, water, health care, emergency, chemical, nuclear, communications, government, defense, food, commercial facilities, IT, transportation, dams, manufacturing and financial services.
The most recent REvil hack, which was launched Friday, was aimed at breaching the IT systems of up to 1 million companies and businesses on almost every continent.
'Hard to see this as anything other than Putin tellin' Biden to f*** off,' one journalist wrote on Twitter.
Author Greg Olear wrote that it's time to retaliate.
'It's time,' he tweeted on Saturday. 'Kick them off the world banking system. Shut off the pipeline. No more appeasement.'
Others slammed President Biden as 'weak' for his slow response to the global cyberattack, which has affected a minimum of 1,000 U.S.-based companies.
House Minority Leader Kevin McCarthy tweeted on Saturday in reference to the bilateral meeting: 'Remember when President Biden gave Putin a list of things that were supposed to be off-limits for cyber attacks?'
'What he SHOULD have said is that ALL American targets are off-limits,' the California Republican continued.
He added: 'Biden is soft on crime and weak against Putin.'
During a trip to Central Lake, Michigan on Saturday, Biden said he would take action against the actors once more is known – casting doubt on whether the attack came from Russia.
'We're not sure who it is,' the president said, while he celebrated the start of July 4 weekend at a cherry farm in the Great Lake State.
'The initial thinking was it was not the Russian government but we're not sure yet,' he continued as he fumbled with a paper in his suit jacket pocket with notes from a briefing on the situation beforehand.
He added: 'If it is either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond.'
Biden said that he would respond more on Sunday, July 4, but did not release anything more on the incident on Independence Day.
The latest hack was the largest ransomware attack on record and affected the IT systems of up to 1 million companies across the world.
Russian-linked hacking group REvil, which breached the systems of U.S.-based software firm Kaseya to conduct its attack, is demanding $70 million in cryptocurrency before they will fix it.
Satnam Narang, a researcher at cyber exposure company Tenable, tweeted a screenshot of a blog post the hacking collective had posted on the dark web.
The Swedish Coop grocery store chain closed all its 800 stores on Saturday after the ransomware attack on Kaseya left it unable to operate its cash registers.
According to Coop, one of Sweden's biggest grocery chains, a tool used to remotely update its checkout tills was affected by the attack, meaning payments could not be taken.
'We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today,' Coop spokesperson Therese Knapp told Swedish Television.
The Swedish news agency TT said Kaseya technology was used by the Swedish company Visma Esscom, which manages servers and devices for a number of Swedish businesses.
State railways services and a pharmacy chain were also impacted by the attack.
'They have been hit in various degrees,' Visma Esscom chief executive Fabian Mogren told TT.
Defence Minister Peter Hultqvist told Swedish Television the attack was 'very dangerous' and showed business and state agencies need to better prepare. 'In a different geopolitical situation, it may be government actors who attack us in this way in order to shut down society and create chaos,' he said.
Swedish grocery stores, schools in New Zealand, and two major Dutch IT firms were among the victims of the Friday hack.
Kaseya says just a few dozen of its customers were directly affected by the attack, but knock-on effects have brought down firms in 17 countries - with one expert saying the attack is 'unprecedented' in its scale and sophistication.
REvil, which was behind the recent hack of meat processor JBS which saw an $11million ransom paid, has been negotiating ransoms of up to $5million with individual firms - but now says for $70million it will unlock all affected networks.
Joe Biden, who last month warned President Putin to take action against hacking groups targeting the US from Russia, said the FBI is investigating the latest hack and he will take action if Moscow is deemed to be responsible.
Analysts said it is no coincidence that the attack coincided with the July 4 holiday weekend, when companies would be under-staffed and less able to respond.
Ciaran Martin, founder of the UK's National Cyber Security Centre, told Radio 4: 'The scale and sophistication of this global crime is rare, if not unprecedented.
'It is a really serious, global operation.'
Swedish grocery chain Coop was forced to close all 800 of its stores on Sunday and said they would remain shut on Monday after its tills were affected.
The country's national rail operator and public broadcaster SVT were also affected.
In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised.
Also among reported victims were two big Dutch IT services companies - VelzArt and Hoppenbrouwer Techniek.
But most victims are believed to be small to medium-sized firms that are unlikely to publicly announce they have been infected - car dealerships, hair salons and accounting firms, among others.
Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit.
An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said.
Earlier, the FBI said in a statement that while it was investigating the attack its scale 'may make it so that we are unable to respond to each victim individually.'
Deputy National Security Advisor Anne Neuberger later issued a statement saying President Joe Biden had 'directed the full resources of the government to investigate this incident' and urged all who believed they were compromised to alert the FBI.
The president told reporters Saturday that it is not yet clear who is behind the latest cybersecurity breach to strike American businesses but insisted that he 'will respond' if it is tied to Russian President Vladimir Putin.
'We're not sure who it is,' he said, while he celebrated the start of July 4 weekend at a cherry farm in Central Lake, Michigan.
'The initial thinking was it was not the Russian government but we're not sure yet.'
He added: 'If it is either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond.'
Less than a month ago, Biden pressed Russian President Vladimir Putin to stop giving safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the U.S. deems a national security threat.
A broad array of businesses and public agencies were hit by the latest attack, apparently on all continents, including in financial services, travel and leisure and the public sector - though few large companies, cybersecurity firm Sophos reported.
Ransomware criminals infiltrate networks and sow malware that cripples them by scrambling all their data. Victims get a decoder key when they pay up. Most ransomware victims don't publicly report attacks or disclose if they've paid ransoms.
The Swedish grocery chain Coop said most of its 800 stores would be closed for a second day Sunday because their cash register software supplier was crippled. A Swedish pharmacy chain, gas station chain, the state railway and public broadcaster SVT were also hit.
In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised, the news agency dpa reported. Also among reported victims were two big Dutch IT services companies — VelzArt and Hoppenbrouwer Techniek.
CEO Fred Voccola of the breached software company, Kaseya, estimated the victim number in the low thousands, mostly small businesses like 'dental practices, architecture firms, plastic surgery centers, libraries, things like that.'
Voccola said in an interview that only between 50-60 of the company's 37,000 customers were compromised. But 70% were managed service providers who use the company's hacked VSA software to manage multiple customers. It automates the installation of software and security updates and manages backups and other vital tasks.
Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing U.S. offices would be lightly staffed. Many victims may not learn of it until they are back at work on Monday. Most end users of managed service providers 'have no idea' whose software keeps their networks humming, said Voccola.
Kaseya said it sent a detection tool to nearly 900 customers on Saturday night.
The REvil offer of blanket decryption for all victims of the Kaseya attack in exchange for $70 million suggested its inability to cope with the sheer quantity of infected networks, said Allan Liska, an analyst with the cybersecurity firm Recorded Future. Although analysts reported seeing demands of $5 million and $500,000 for bigger targets, it was apparently demanding $45,000 for most.
'This attack is a lot bigger than they expected and it is getting a lot of attention. It is in REvil's interest to end it quickly,' said Liska. 'This is a nightmare to manage.'
Analyst Brett Callow of Emsisoft said he suspects REvil is hoping insurers might crunch the numbers and determine the $70 million will be cheaper for them than extended downtime.
Sophisticated ransomware gangs on REvil's level usually examine a victim's financial records — and insurance policies if they can find them — from files they steal before activating the ransomware. The criminals then threaten to dump the stolen data online unless paid. In this attack, that appears not to have happened.
Dutch researchers said they alerted Miami-based Kaseya to the breach and said the criminals used a 'zero day,' the industry term for a previously unknown security hole in software. Voccola would not confirm that or offer details of the breach — except to say that it was not phishing.
'The level of sophistication here was extraordinary,' he said.
When the cybersecurity firm Mandiant finishes its investigation, Voccola said he is confident it will show that the criminals didn't just violate Kaseya code in breaking into his network but also exploited vulnerabilities in third-party software.
It was not the first ransomware attack to leverage managed services providers. In 2019, criminals hobbled the networks of 22 Texas municipalities through one. That same year, 400 U.S. dental practices were crippled in a separate attack.
One of the Dutch vulnerability researchers, Victor Gevers, said his team is worried about products like Kaseya's VSA because of the total control of vast computing resources they can offer. 'More and more of the products that are used to keep networks safe and secure are showing structural weaknesses,' he wrote in a blog Sunday.
The cybersecurity firm ESET identified victims in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.
Kaseya says the attack only affected 'on-premise' customers, organizations running their own data centers, as opposed to its cloud-based services that run software for customers. It also shut down those servers as a precaution, however.
Kaseya, which called on customers Friday to shut down their VSA servers immediately, said Sunday it hoped to have a patch in the next few days.
Active since April 2019, REvil provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion's share of ransoms. U.S. officials say the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.
Cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said that while he does not believe the Kaseya attack is Kremlin-directed, it shows that Putin 'has not yet moved' on shutting down cybercriminals.
The latest in a string of severe cyberattacks has affected more than 1,000 businesses worldwide. Here’s what we know so far.
On Friday (2 July), a major ransomware attack in the US hit multiple managed service providers, affecting more than 1,000 businesses and organisations.
This includes schools, small public sector bodies, travel companies, credit unions and accountants.
The White House deputy national security adviser for cyber and emerging technology, Anne Neuberger, said in a statement that the FBI and the Department of Homeland Security’s cyber arm “will reach out to identified victims to provide assistance based upon an assessment of national risk”.
While the attack started in the US, it has impacted companies around the world, including Swedish grocery store chain Coop, which closed hundreds of its stores over the weekend. This is because a tool used to update its checkout tills remotely was affected by the attack.
It is the latest in a string of major ransomware attacks receiving global attention, including incidents impacting a major gas pipeline, the world’s largest meat producer and Ireland’s Health Service Executive (HSE).
The attack began at Kaseya, a Miami-based software supplier. On Friday, the company reported a “sophisticated attack” on its VSA software, a set of tools used by IT departments to manage and monitor computers remotely.
The cybercriminals responsible for the attack found a vulnerability in Kaseya’s supply chain and used a malware protection program to deliver ransomware code to businesses that use the software.
While Kaseya initially estimated that only about 40 customers had been directly affected, the impact of the attack spread further because its customers include managed service providers (MSPs) that use the software to service hundreds of businesses.
Cybersecurity firm Huntress Labs, which is investigating the incident, said as many as 30 MSPs across the US, Australia, the EU and Latin America had been hit and more than 1,000 of those MSPs’ clients could be affected.
According to security company ESET, the majority of reports are coming from the UK, South Africa, Canada, Germany, the US and Colombia.
Kaseya has advised its customers that all on-premises VSA servers should remain offline and said a patch will need to be installed prior to restarting the VSA.
In its latest security update, the company also said it had been advised by outside experts that customers who experience ransomware and receive communication from the attackers should not click on any links as they may be weaponised.
The attack is believed to come from REvil, a ransomware-as-a-service cybergang thought to be based in Russia. On its dark web blog, REvil claimed responsibility and said the attack infected more than a million systems.
The gang has an affiliate structure and previous attacks attributed to REvil or its affiliates include a ransomware outbreak in 2019 that affected more than 20 local governments in Texas and the recent attack on meat producer JBS Foods.
REvil has demanded $70m in ransom for a universal decryption tool promising to decrypt files of all victims in less than an hour. If paid, it could become the highest ransomware payment ever made.
However, paying ransoms is generally not advised by security experts. This is because it allows cybercriminals to profit, encouraging further attacks and putting a target on companies that agree to the demands.
According to a study from infosec company Cybereason, 80pc of organisations that opted to pay a ransom demand suffered a second ransomware attack, often from the same threat actor group.
Furthermore, there is no guarantee that cybercriminals will make good on their promises even if a ransom is paid. According to a recent report from security software company Sophos, 92pc of companies that opt to pay a ransom don’t get their data back.
Even when decryption tools are provided, the cost and time it takes to restore systems with a large attack such as this one could be huge.
Speaking at an Oireachtas Joint Committee on Health on 23 June, HSE CEO Paul Reid said it will take months before systems are fully restored and immediate costs are “well over €100m”.
“Decryption takes much longer than the original encryption, and eradication involves additional tasks to ensure that the perpetrators have no access route back into our systems,” he added.
In its latest security update, Kaseya said its teams are working “around the clock in all geographies” to restore its customers to service.
“We have successfully completed an external vulnerability scan, checked our SaaS databases for indicators of compromise, and have had external security experts review our code to ensure a successful service restart.”
It does not currently have a timeline for when its data centres can go back online but it plans to start the restoration process by the end of today (5 July).
“Once we have begun the SaaS data centre restoration process, we will publish the schedule for distributing the patch for on-premises customers,” the company added.
It also announced that it hired cybersecurity company FireEye to help deal with the fallout.
Kaseya said some lightly used legacy VSA functionality will be removed out of an “abundance of caution”.
It also said there will be new security measures implemented including enhanced security monitoring of its SaaS servers by FireEye.
Jenny Darmody is the deputy editor of Silicon Republic