Kaseya Plans to Have VSA SaaS and On-Premises Updates Ready by Sunday, July 11
Kaseya is still working on patching both the software-as-a-service (SaaS) and the on-premises versions of its VSA software. The attackers managed to infect about 60 Kaseya on-premises customers, and from there, infect about 1,500 of those customers’ clients with REvil ransomware. Kaseya plans to have patches available for SaaS and on-premises VSA software by 4PM EDT Sunday, July 11. Kaseya has released a start-up readiness guide for on-prem VSA customers to “ensure [their] VSA server(s) is prepared to receive the VSA release patch, which contains critical security fixes.”
Be aware of fake updates circulating. These fake updates will attempt to install backdoors instead of fixing the flaw. Be careful with any detection tools, patches, or protection tools distributed and always verify the source as well as the integrity of the file.
The Kaseya article below lays out what you need to do for an on-premise server to prep for the upcoming patch, including isolation and checking for provided IOCs. Note that they have an agreement with FireEye to provide complementary endpoint security agents for your VSA server which you should implement.
Read more in
Gov Infosecurity: Kaseya Announces New Service Restoration Date
SC Magazine: Kaseya offers pre-patch instructions for on-prem VSA customers
Kaseya: On Premises VSA Startup Readiness Guide - July 7th, 2021