Thousands of companies that rely on Kaseya’s VSA software to remotely manage systems may have to wait longer to use it again.
Kaseya CEO Fred Voccola announced further delays in his latest video message to customers, which was posted early Thursday. Kaseya is patching both the software-as-a-service version of its VSA software, which was not exploited by attackers, and the on-premises version, which was used to infect about 60 Kaseya’s managed service provider customers and up to 1,500 of their clients with ransomware.
Following the hacking incident, Kaseya pulled its SaaS software offline and advised all on-premises users to deactivate the programme immediately. Kaseya had anticipated to have completely patched VSA SaaS software back by Tuesday, and to issue patches to users for the on-premises version 24 hours later.
Voccola said in the video “It was my decision to [delay restoration of service] and no one else’s,”
“The vulnerabilities that were exploited in the attack – we had them locked and felt comfortable with the [SaaS] release. But [based on suggestions] of third-party engineers and IT staff, we [implemented] additional layers of security for things we might not be able to foresee.”
Prior to Sunday’s patch releases, Voccola said the company’s VSA software will be “hardened” for both the SaaS and on-premises versions.
Voccola added “I feel extremely confident that this Sunday, at 4 p.m. Eastern, we’ll have customers coming back on,”
“The fact that we had to take down VSA is very disappointing to me … I let the community down, let the company down. Our company let you down.”