Kaseya pushes back server restart as CEO says impact of attack has been 'made larger than what it is'

Fred Voccola claims the company’s actions ‘prevented what could have been something much greater’

Kaseya delayed getting its VSA servers back online last night after discovering an issue, while the firm's CEO has claimed that the impact of Friday's cyber attack has been made "larger than what it is".

Russian-speaking ransomware group REvil took responsibility for the attack which impacted Kaseya's on-premise VSA customers and in a post on its darkweb blog, demanded $70m of bitcoin in payment to release a "universal decryptor".

The vendor, whose VSA software is used by MSPs and channel partners to help them monitor their customers' networks, estimates that "approximately 50" of its own customers were impacted, which in turn led to between "800 and 1,500" businesses across the world being affected.

Its SaaS servers were due to gradually come back online last night, which was then set to be followed by the start of its on-prem server restoration over the following 24 hours, but at 10pm US EDT the firm released an update claiming an issue was found and that they would not be back up by this morning as intended.

In a video statement released on the company's YouTube channel yesterday, CEO Fred Voccola praised the response from the business after the attack was discovered and said its impact has been overblown.

"Someone gave me a really nice piece of advice. They said ‘even the best defences in the world get scored upon'," he said.

"This breach has gotten incredibly scrutiny from the press. All of a sudden, cybercrime and ransomware has become the topic of the day and we're caught in the middle of it. And people make the story, make the impact of this, larger than what it is.

"We all have to take a step back and realise this is the world we live in. It's forcing us to look at ourselves as well - recommitting ourselves to every possible consideration that's there and recognising that our security plans, the architecture of how we run IT Complete in our businesses, prevented what could have been something much greater."

In a further update issued today, Kaseya said it had "not yet been able to resolve the issue" but that the R&D and operations teams "worked through the night and will continue to work" until it is fixed.

Voccola added that the businesses has had "significant support" from the White House, as well as help from fellow tech companies and competitors.

It is continuing to advise that all on-premise VSA servers should be kept offline until further instructions from Kaseya.

Voccola added: "Unfortunately, there are bad people out there who can make a lot of money, or try to make a lot of money, get paid in anonymous currencies that are very difficult if not impossible to trace by the authorities, so there's no money trail for them to go and get these criminals. This kind of activity happens.

"We take it very seriously. At our own free will, we took down all of our RMM customers out of an abundance of caution."