Skip naar inhoud

Kaseya apologises for extended downtime after ransom attack

Wilt u deze bijdrage aanbevelen? Dat kan via:

CEO of Kaseya apologises after pushing back the restoration of the firm’s VSA service following a REvil ransomware attack
Kaseya CEO Kevin Voccola has apologised to the firm’s thousands of users currently unable to service their own customer bases while both hosted and on-premise instances of its VSA endpoint and network management service remain offline following a devastating ransomware attack by the REvil/Sodinokibi syndicate.The firm had hoped to bring its software-as-a-service (SaaS) datacentres back online over 24 hours ago, but technical issues forced this timeline to be reset, and on-premise versions of VSA cannot be restarted until the SaaS version is up and running. In the meantime, Kaseya has published a runbook for on-premise customers to help them prepare to restart.

“It has been a long, long five days for everyone, and I want to express my sincere apologies that you’re not up on VSA, that VSA is not accessible for you to serve your customers, to serve your internal IT folks, and to make your lives easier,” said Voccola. “I recognise … this sucks. We take this very seriously.

“The fact that we had to take down VSA was very disappointing to me… I feel like I let this community down, I let my company down, our company let you down,” he said.

“The new release time, which we are very confident in, is going to be this Sunday [11 July] in the early afternoon Eastern Standard Time,” added Voccola.

Voccola said he took responsibility for having pulled the planned release this week and described it as the hardest decision he’d had to make in his career.

“The fact that we had to take down VSA was very disappointing to me… I feel like I let this community down, I let my company down, our company let you down”

Kevin Voccola, Kaseya

He said Kaseya’s teams had locked down the vulnerabilities exploited in the attack and felt comfortable with the release, but, on the advice of third-party cyber consultants and Kaseya’s own engineers, they wanted to take time to put additional protections in place and harden VSA as much as possible.

Kaseya was downed late in the day on Friday 2 July by the REvil gang, ahead of a holiday weekend for the US company.

Between 50 and 60 of its managed service provider (MSP) customers were hit, with the cumulative impact spreading to thousands of downstream businesses – many of them small ones – that rely on the IT channel for their tech resource.

Most notably, the Swedish Coop supermarket chain was forced to shut hundreds of stores due to its payment systems dropping offline.

The ransomware operators have demanded $70m for a master decryption key, and far smaller sums from individual victims (see image below), but Voccola has been vocal in his refusal to negotiate with the criminals. It is not known if any of the other impacted businesses have entered negotiations.

In the past 24 hours, more details have begun to emerge via the Dutch Institute for Vulnerability Disclosure (DIVD) of the precise vulnerabilities exploited by REvil.

DIVD said it had been working extensively behind the scenes on seven newly discovered common vulnerabilities and exposures (CVEs) in the VSA product since 6 April.

These are CVE-2021-30116, a credential leak and business logic flaw; CVE-2021-30117, a SQL injection vulnerability; CVE-2021-30118, a remote code execution (RCE) vulnerability; CVE-2021-30119, a cross-site scripting (XSS) vulnerability; CVE-2021-30120, a two-factor authentication (2FA) bypass; CVE-2021-30121, a local file inclusion vulnerability; and CVE-2021-30201, an XML external entity vulnerability.

Of these, 30117, 30118, 30121 and 30201 have been resolved in previous patches, from which one can now infer that REvil used one or more of 30116, 30119 and 30120 to access the target systems.

DIVD’s chairman, Victor Gevers, said that, throughout the process, Kaseya had shown that it was willing to put maximum effort and initiative into getting the issue fixed and its customers patched.

“[Kaseya] showed a genuine commitment to do the right thing,” he said. “Unfortunately, we were beaten by REvil in the final sprint, as they could exploit the vulnerabilities before customers could even patch.”

Lees ook:

Wat wil en wenst de ontwikkelaar?

In een krappe ict-arbeidsmarkt is het voor werkgevers interessant te weten wat er onder ontwikkelaars leeft. Bedrijven die de juiste tools bieden, hebben een streepje voor. Een internationaal onderzoek onder ruim zeventigduizend ontwikkelaars uit de Stack Overflow-community geeft inzicht in de trends. Dit rapport is bij recruiters dan ook niet onopgemerkt gebleven. Ze krijgen zo een beeld van hoe developers leren en meer kennis vergaren, welke tools ze gebruiken en waaraan ze behoefte hebben.

TNO: Europa kan tech-overmacht VS en China doorbreken

Zet vol in op de ontwikkeling van 6G, maak Gaia-X volwassen, loop voorop met edge computing en omarm open technologie. Dit zijn enkele aanbevelingen van TNO om in Europa de overheersing van Big Tech en Chinese (5G-)bedrijven te doorbreken.

Subpostmaster campaigning forces government to set up compensation scheme and make interim payments

Subpostmaster campaign group is a step closer to achieving what it was originally set up to do as government launches compensation scheme for its members who did not receive fair payouts

Advies: wacht met 3,5 GHz tot Inmarsat weg is

Het duurt waarschijnlijk tot eind 2023 voordat de 3,5-GHz-frequentieband beschikbaar komt voor openbare mobiele-communicatiediensten. Er is weliswaar veel vraag naar extra frequentieruimte, maar op de daarvoor afgesproken 3,5-GHz-band kan dat storen met noodoproepen van de lucht- en zeevaart. Het ministerie krijgt het advies te wachten totdat satellietbedrijf Inmarsat is verhuisd van het Friese Burum naar Griekenland.

Na sase komt sse (security service edge)

Security service edge (sse) is de evolutie van het sase-framework van Gartner. Door de letter ‘A’ (voor ’access) te verwijderen, wordt duidelijk dat het netwerk niet langer wordt beschouwd als onderdeel van een beveiligingsoplossing. Het is slechts het mechanisme dat de datastromen naar het security- en controleplatform transporteert.

UK tech has 2.8% gender ‘wage gap’, says Hired

The wage offered to women for tech jobs in the UK is 2.8% less than offered to male counterparts – a larger gap than in the US and Canada, says Hired

Wilt u deze bijdrage aanbevelen? Dat kan via:

Klaar voor de beste oplossing voor uw IT & ICT-situatie?

Ik heb mijn wachtwoord gewijzigd in “onjuist.” Dus wanneer ik vergeet wat het is, zal de computer zeggen: “Uw wachtwoord is onjuist.”