back to article Kaseya’s VSA SaaS restart fails, service restoration delayed by at least ten hours

Kaseya’s attempt to recover its SaaS services has failed, and its CEO has attempted to play down the significance of the incident that has seen its VSA services offline since July 2nd and over 1,000 ransomware infections. The biz, which makes system monitoring and management software for IT service providers, issued an update …

  1. MJB7

    'staff “have probably slept a grand total of four hours in the last two days literally and that’ll continue until everything is as perfect as can be.”'

    Oh great! So a complex recovery is being performed by a bunch of sleep deprived people operating waaaay below their optimum.

    1. Anonymous Coward
      Anonymous Coward

      That was my first thought. We know that massively fatigued people always make the best decisions.

      (Ssshh. Don't mention American International Airways Flight 808).

    2. elsergiovolador Silver badge

      I wonder how likely the overtime they do is unpaid...

    3. Flywheel Silver badge
      Joke

      Don't worry - they'll get TOIL / Time off in Lieu...

  2. Anonymous Coward
    Anonymous Coward

    We're still in the honeymoon phase of our contract ...

    and the fact that Kaseya were recommended by our managed IT company (and has crippled them these past 5 days) won't be forgotten.

    Maybe InTune wasn't such a bad rival ....

  3. lglethal Silver badge
    FAIL

    Hey, hey, hey. It only affected about 50 of our customers. So it's not a big deal.

    What do you mean it affected thousands of other firms, using our software? Yeah but they didnt buy directly from us, so their not our problem. It's fine, only a small number of firms affected, yadda, yadda...

    This is what I hear everytime I see the responses from Kaseya. It definitely makes me never want to work with their firm. Their management sound like a right bunch of Wayne Kerrs...

  4. James Ashton
    FAIL

    Almost no customers have their firewalls locked down

    “For almost all customers, this change will be transparent,” the 10PM advisory states. “However if, and only if, you have whitelisted your Kaseya VSA server in your firewall(s), you will need to update the IP whitelist.”

    Really? If there was one external service that you should lock down with your firewall then VSA would be it. But almost nobody is apparently and then we wonder why IT security isn't what it should be. People get a firewall and feel safe ... even if they haven't really configured it at all.

    1. Anonymous Coward
      Anonymous Coward

      Re: Almost no customers have their firewalls locked down

      "I propose 2 for this objective"

      I've worked in multiple DCs where some auditor advised them to setup a inbound firewall to their DC.

      Result ? The most expensive one is bought (I've seen the top Juniper one, a massive carier grade system of half a rack, for a 20 racks DC), then it's working in log mode and anyone brave enough to have a look will scream in utter despair.

  5. Pascal Monett Silver badge

    "anonymous currencies that are very difficult if not impossible to trace by the authorities"

    Can people stop spouting that bull ? All of the funny money thingies rely on blockchain which, if memory serves, is a public ledger.

    The only reason the FBI can't do anything is not because the transactions are "anonymous" (they're not), it's because the criminals are in Russia .

  6. Mike 137 Silver badge

    Interesting juxtaposition?

    "The biz, which makes system monitoring and management software for IT service providers..."

    "...services offline since July 2nd and over 1,000 ransomware infections"

    Is anyone else a bit worried by this, or am I alone?

    1. Graham48UK

      Re: Interesting juxtaposition?

      Yep 100%

  7. MapleAndrew

    I find that a pretty shocking comment from Fred Voccola that “All of a sudden cyber crime and ransomware has become … the topic of the day and we're caught in the middle of it and people make the story and make the impact of this larger than what it is.”

    Larger than what it is??? 1000 companies have had their data encrypted. How is that not large? Not to mention that this is probably game over for the 50+ MSPs affected.

    Not a good indictment of how Kaseya view their clients and their clients' clients.

  8. Jflynn007

    Translated - “we developed a complex process to deal with cyber threats. Pull the power cord. ‘

    The industry is now at a crisis situation. We cannot trust the vendors who are supposed to be helping to protect us. SolarWinds, Kaseya, and a number of other serious breaches (looking at you Exchange).

    This guy is part of the problem. His company was hacked by some really evil people and we should feel sorry for him. Wonder if they will be refunding money to that small group of 1000+companies that are screwed?

  9. HildyJ Silver badge
    FAIL

    Fred Voccola

    At this point Fred Voccola has lost all credibility. Whatever he says now will change the next time he speaks. I assume at some point he will declare victory. I won't trust that statement either.

    News - the 8 AM (EDT) update says they are still working and have nothing to report.

  10. Claptrap314 Silver badge

    "'For almost all customers, this change will be transparent,' the 10PM advisory states. 'However if, and only if, you have whitelisted your Kaseya VSA server in your firewall(s), you will need to update the IP whitelist.'"

    Given that their customers are supplying IT services to other companies, anything less than 100% of their customers' having done this is unacceptable to the point that they should be run out of business.

    This guy needs a permanent vacation.

  11. Yes Me Silver badge

    larger than what it is?

    'people make the story and make the impact of this larger than what it is'

    Would those people be the ones whose businesses have been ruined?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021