US government provides support and advice for organizations impacted by Kaseya VSA ransomware incident

Published: Monday, 05 July 2021 09:23

In a statement Deputy National Security Advisor for Cyber and Emerging Technology, Anne Neuberger, has described the support that the US government is providing to victims of the latest supply chain ransomware attack.

The incident was reported late last week, with a successful attack on the Kaseya VSA solution. Kaseya VSA is a remote monitoring and endpoint management solution used by customers to manage their IT infrastructure.

Kaseya became aware of the attack around mid-day (EST/US) on Friday, July 2, and although the company says that only a small a number of on-premise customers were directly impacted with ransomware, a large number of customers were told to immediately shutdown VSA servers 'until further notice'.

Speaking on July 4 about the incident Anne Neuberger said:  

"Since Friday, the United States Government has been working across the interagency to assess the Kaseya ransomware incident and assist in the response. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have been working with Kaseya and coordinating to conduct outreach to impacted victims. Yesterday, President Biden directed the full resources of the government to investigate this incident. We extend our thanks to the cybersecurity professionals across the FBI, CISA, and the intelligence community for working around the clock to respond to this incident.

"We urge anyone who believes their systems have been compromised in the Kaseya ransomware incident to immediately report to the Internet Crime Complaint Center at https://www.IC3.gov. The FBI and CISA will reach out to identified victims to provide assistance based upon an assessment of national risk. We also urge you to immediately follow the guidance from Kaseya including shutting down your VSA servers and implementing CISA’s and FBI’s mitigation techniques."