Kaseya VSA Attack: Why Cervisys Isn’t Affected, What We’re Doing Anyway


You may have seen the news about a supply-chain ransomware attack on Kaseya which affected numerous businesses over the holiday weekend. The targeted company, Kaseya, provides tools to Managed Services Providers (MSPs) like Cervisys. One of these tools, “Kaseya VSA,” was recently compromised by an international cybercrime organization, then used to attack roughly 60 MSPs and, by extension, up to 1,500 end-user organizations.

This type of cyberattack – using MSP tools as an attack vector against the MSPs’ own clients – is a type of supply-chain attack, and is becoming increasingly prevalent due to its ability to easily “scale up” to hit numerous valuable targets at once. While there is no reason to believe Cervisys or its clients were affected, this is an ongoing situation and we’re providing the most up-to-date info for our clients here.

What Cervisys is doing:

Cervisys does not use “Kaseya VSA,” the only tool with any evidence of compromise, we do not use Kaseya tool as part of our managed services. Out of an abundance of caution, we have isolated our tools until we can investigate it fully and be confident we pose no risk to our clients. This back-end change will not affect our clients in any noticeable way.

Additionally, we have searched our clients’ environments for any suspicious agents installed by Kaseya via any 3rd-party, non-Cervisys vendors. While we do not believe such a fringe attack is overly likely, we do not leave our clients’ security up to chance. The Kaseya agents found in this way have been disabled until they can be properly inspected and confirmed as secure. The vast majority of our clients will not be affected, but a few may experience interruptions or errors due to disabled 3rd-party Kaseya services.

Finally, Cervisys is taking this moment to evaluate our current processes. There are always lessons to learn from every cyber attack or disaster, and this one is no different. Though there is no way to be certain, we believe that if a similar attack had targeted the Atera tool Cervisys does use, it could have been slowed, mitigated, or even prevented entirely by several decisions and precautions that we already have in place. Nevertheless, we continue to explore options that drive this risk down even further, all as part of ensuring our clients’ productivity and peace of mind.

What you should do:

As we mentioned earlier, a small number of clients may experience some disruptions from the 3rd-party Kaseya plugins & agents we disabled. If you have experienced a disruption of services, please report it to our help desk immediately so we can work towards restoring your productivity in a secure manner. 

We will continue to monitor this situation, and will post any noteworthy updates here, all as part of Making IT Easy for our clients every day.

Previous Post
Keeping Your Remote Office Space Secure
Next Post
Log4JShell Vulnerability Update

Related Posts

No results found.

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.