![kaseya agent what is kaseya agent what is](https://www.channelfutures.com/files/2016/05/kaseya-vsa-93-screenshot_2-877x432.jpg)
It is being reported by multiple media outlets that at least six large Managed Service Providers (MSP) were compromised which gave attackers access to encrypt the files belonging to more than 200 companies.ĭataprise immediately shut down all on-premises Kaseya VSA servers and conducted a thorough investigation which determined that our VSA servers were not compromised.
KASEYA AGENT WHAT IS SOFTWARE
Kaseya has released information obtained through their internal investigation that indicates the attack vector was likely a SQL Injection against the VSA software that allowed the attacker to take control of the remote management tool, and deploy a REvil ransomware launcher to encrypt the victim systems of all clients. Kaseya proactively shutdown their cloud environment and advised all customers using on-premise VSA servers to shut them down immediately. On JKaseya released an emergency communication via their website about a compromise of their VSA system being used to spread ransomware to client systems. Results were documented and confirmed back to Kaseya Support by 11:26 PM EDT. Each of these scans completed with no signs of compromise detected. We shut our servers down again immediately after the scripts completed running. We have also run the endpoint script on several internal machines that were registered with our VSAs. Our VSA servers were temporarily powered on in an isolated, offline state to facilitate execution of both these scripts. The tool is comprised of two scripts, one for the VSA server and one for endpoints. Kaseya’s Compromise Detection Tool was provided to Dataprise at 10:36 PM EDT on July 3, 2021. We are relying on Kaseya’s actions and updates in the short term, while internally strategizing longer term plans for reaction/response and contingency. Customer safety and security are our utmost priority.
![kaseya agent what is kaseya agent what is](https://b6x0l214gh21wkvwf1simsxr-wpengine.netdna-ssl.com/wp-content/uploads/2019/12/vsa_remote-control-1-768x374.png)
KASEYA AGENT WHAT IS HOW TO
Following the impending update from Kaseya, Dataprise will review the startup procedures and make the best determination for how to resume normal operations in a safe and controlled manner. They anticipate an update on the status of the patches as well as a preliminary estimate of when they expect to return to business as usual and advise customers when and how to bring their VSA servers back up safely.ĭataprise has run the Kaseya-provided detection scripts on our production VSA servers with no indications of any compromise discovered. Kaseya continues to work on internal testing of the patches they have developed for VSA.