Kaseya VSA RMM Cybersecurity Incident
Providing updates on our VSA RMM Outage
Sunday, July 11, 2021
We confirmed on Wednesday, July 7 that all of our internal systems and managed customer systems were not compromised. We still do not have our VSA Services back online.
We have been following the situation very closely and waiting for Kaseya to release an updated version to our VSA Server. We have been told that a release will be issued later today, July 11th.
However, out of security concerns for our customers, we have decided to delay bringing our VSA Servers back online right away as we want to be sure that there are no existing or new vulnerabilities within the new VSA Server release software.
We will provide an update when we believe we will be ready to bring our VSA Servers back online.
The security of our network and our clients systems are of the highest priority for us and we want to ensure this remains.
Again we want to remind you that If you believe you have been compromised due to this cybersecurity event, do not click on any links — they may be weaponized. Contact us directly so we can begin to take appropriate steps.
Wednesday, June 7, 2021
Currently our VSA Servies still remain offline, we have completed scanning of all of our internal and customer systems, and we found ZERO compromises. Based on current information we have received from Kaseya, we are now expecting to be able to bring our VSA Servers online and RMM services very soon. We should have a clear timeline by tomorrow morning, Thursday July 8TH 2021.
Tuesday, June 6, 2021
Our VSA Services still remain offline, we are still scanning customer systems, and we still are glad to report we have had ZERO compromises. Based on additional information we have received from Kaseya, we are expecting to be able to bring our VSA servers back online by Thursday, July 8th and RMM services will resume shortly after that. This timeframe is subject to change.
Again we want to remind you that If you believe you have been compromised due to this cybersecurity event, do not click on any links — they may be weaponized. Contact us directly so we can begin to take appropriate steps.
We will provide additional updates as they become available.
Monday, July 5, 2021
Updated 9:40 PM CDT:
- In an effort to be transparent with our customers, Kaseya is sharing the information concerning the recent ransomware attack in an Incident Overview & Technical Details document which is available at this link
Released at 8:00 PM CDT:
Our VSA Services are still offline, we have been continuously scanning systems, and at this time we are glad to report that we have not found any compromised systems within our internal systems or our client systems.
Based on guidance we received from Kaseya, we scanned our VSA servers and found no compromises on those systems and as a result we do not believe that we will find any on customer systems.
Based on our aggressive schedule of scanning customer systems we expect to be completed with this part of the process by Thursday, July 8.
Again we want to remind you that If you believe you have been compromised due to this cybersecurity event, do not click on any links — they may be weaponized. Contact us directly so we can begin to take appropriate steps.
We are expecting to be able to begin patching our VSA servers in the coming days and after confirming no vulnerabilities exist we will be ready to begin bringing our VSA services back online.
Kaseya has indicated that they will be providing a full report on the situation and what steps they have taken to secure the VSA systems to prevent any future vulnerabilities. We will be sharing this report with you once it has been shared with us.
Sunday, July 4,
2021
Currently our VSA Services are still offline, we have received a Security
Compromise Detection Tool from our RMM Software vendor Kaseya, and we are
currently running detections on our internal systems, and will then begin
running detections on our client systems. At this time, we still do not believe
that any of our internal systems or our client systems have been effected. This
detection tool will provide a definitive confirmation on this. We will be
providing an update tomorrow morning, Monday July 5, 2021 on the status of this
process.
For further information about this cybersecurity incident, please click this link and
a statement from the Federal Bureau
of Investigation (FBI) on the situation and current update status
directly from Kaseya. Our RMM software vendor Kaseya has been working
directly with the FBI and DHS CISA and several outside security firms including
FireEye
Mandiant IR to resolve this security breach as quickly as possible. If you believe you have been
compromised due to this cybersecurity event, do not click on any links — they
may be weaponized. Contact us directly so we can begin to take appropriate
steps.
We are expecting to be able to begin patching our VSA servers within the
next 48-72 hours. Once this is completed and we are able to verify that the
system has no vulnerabilities we will begin to bring our VSA servers back
online and our client’s RMM services and managed services portal back
online.
Friday, July 2, 2021 overnight we performed security audits of all our
internal systems and client systems to ensure that they were up to date with
the latest updates and anti-virus signatures from our managed security platform
ERA/ESET. During this process we deployed enhanced security profiles which
would help from risks of this cybersecurity attack spreading across our clients
networks if there were any compromises to be found. We determined that after
performing the security audits we do not believe our clients were effected. We
will be releasing an updated ESET security profile by end of day Monday, July 5
which will restore our clients ESET security profiles to what they were before
this incident happened.
We are being told that due to the early steps taken by Kaseya and AGILITY,
it mitigated most risk for us and our customer’s of being compromised.
If you have questions or issues regarding this event, we will be happy to
assist in answering you’re questions, our personal contact details are below:
Cory Taylor, CEO-CIO
Mobile: +1 (217) 720-6747
Email: coryt@agcomtech.com
Tyler Hollar, NetOps Manager
Mobile: +1 (217) 717-7731
Email: tylerh@agcomtech.com
We are committed to our client’s security and are working diligently to
ensure your computer systems are safe.
Respectfully,
Cory Taylor
CEO-CIO
Saturday, July 3,
2021
We we’re advised yesterday afternoon of a potential cybersecurity incident
that involved our VSA Services and to shut-down our VSA server until further
notice while waiting on more information from our software vendor. As you may
know VSA is the application that allows for remote monitoring and management of
your computer systems and network and provides access to your systems remotely.
Last night we performed an extensive security audit across our internal
network and our clients’ networks to ensure all systems we’re fully up to date,
and had the latest security releases from our antivirus systems. We are
releaved that at this time we did not find any potential risks in the systems
we scanned.
We have been advised
by our software vendor Kaseya and their outside experts, that if you have
experienced rasomware and receive a communication from the attackers, you
should not click on any links — they may be weaponized.
Kaseya and AGILITY are working around the clock to
resolve this issue from a security assessment, client support,
progress update, technical resolution, and return to operational status
standpoint. We will be continously monitoring our client’s systems to
ensure that no cybersecurity threats exist.
During this time, there is no access to our managed services portal and our
RMM toolset is disabled due to the Kaseya VSA cybersecurity breach. Once we
have determined that our VSA systems are patched, and it is safe to restore the
VSA systems we will do so. Until then, we will continue to monitor the
situation and keep you aprised. We will continue to provide updates as they
become available.
