Kaseya Ransomware Attack Response
Updated July 9, 2021
Please be aware there is currently a malware scam campaign attempting to take advantage of the recent Kaseya VSA ransomware attack. If you receive an email with an attachment named “SecurityUpdates.exe” do not download this file. The email may also contain a link pretending to be an official security update from Microsoft designed to patch the Kaseya vulnerability.
If you find that you have received the email, DO NOT forward it. Instead, contact your IT service provider to address the situation. If you do not have a Managed Services Provider or IT personnel available to assist, please feel free to call (301) 259-3414 or start a chat with our eTrepid Tech Team at eTrepid.com and further direction will be provided.
The ransomware attack against Kaseya, a software solutions provider furnishing support encompassing managed IT services, has paralyzed businesses. During the attack, Kaseya's VSA remote management and monitoring tool was directly impacted. Although we do not utilize this tool, this attack has compromised numerous businesses in conjunction with Managed Service Providers (MSP) who do, hitting supply chains and locking systems throughout the nation including right here in Maryland. We are currently working to provide support to the MSP Community when and where needed.
As an implementer of Kaseya products, the eTrepid Team moved swiftly to suspend all services connected to the company as a precautionary measure. This rapid response to disengage and protect customers succeeded but has in turn affected services you may be utilizing. The security of our customers remains a top priority. Our teams will continue to actively review and monitor the situation while working with customers to supply solutions that will not heavily impede daily duties. Below you will find additional information regarding our response and the impact it may cause.
Protective Actions Taken:
- We have temporarily disabled all on-prem and cloud Kaseya and IT Glue integrations as a precautionary step until more information is available.
- Our Security Operations Center (SOC) team has taken actions to review the available threat data contained in our SOC monitored systems.
- No indications of attacks, compromises, or suspicious activity associated with eTrepid’s services have been found.
- Our team will continue to carefully monitor the situation and share updates with clients about re-connecting the access once the all-clear message has been released.
The temporarily disabled integrations from Kaseya’s MyGlue service will directly affect clients utilizing the MyGlue Portal to create a support request and explore ticket statuses. As a result, customers using this service will not be able to gain access to their MyGlue account portal. It is encouraged to utilize other methods to submit and seek information regarding your support requests including;
- Email helpdesk@eTrepid.com if you would like to create a new service request. If you are requesting information regarding status updates on an existing ticket, email helpdesk@eTrepid.com and add the ticket number in the subject field.
- Utilize the "e" icon located on the right side of your taskbar
- Visit the eTrepid online support page
- If support is needed right away, you can utilize our online chat or call (240) 455-0131, then select option 2 to escalate your request and receive immediate support.
Keeping You Informed:
As always, we are committed to furnishing support in a reliable manner, while remaining transparent and providing updates to keep you informed along the way. We apologize for any inconvenience this may cause. Thank you for your patience as we work to ensure the solutions provided to our clients remain protected and secure. Please do not hesitate to contact us with any concerns you may have.
If you are interested in learning about other ways to protect your business from cyber attacks, RSVP to hear Justin Reinmuth, TechRug CEO, provide insight on ransomware, cyber crime, and business email compromises faced in 2021 during our free Coffee and Conversation webinar on Thursday, July 22nd at 11 AM.