Datacom shuts down Kaseya VSA servers, schools emerge as first NZ victims of global breach

Datacom shuts down Kaseya VSA servers, schools emerge as first NZ victims of global breach

Datacom said it had been decommissioning Kaseya software before the ransomware attack.

Credit: Supplied

New Zealand ICT services giant Datacom has shut down its Kaseya servers after a global breach of the vendor's Kaseya VSA product by cyber criminals.

Datacom said it used Kaseya software but had been decommissioning it before the current attack. 

"As soon as we were notified of the risk, we shut down our Kaseya servers immediately," the company said in a statement. "We are also actively monitoring customer environments and have not seen, nor been made aware of any qualified infections."

Kaseya VSA is used by managed service providers and others to deliver IT management services to customers, so the impact of the global breach is likely to be large.

"When an MSP is compromised, we‘ve seen proof that it has spread through the VSA into all the MSP’s customers," said senior security researcher John Hammond of cyber security firm Huntress. "MSPs with over thousands of endpoints are being hit."

The local fallout from the attack was building on Sunday with systems at multiple schools affected. St Peter's School in Cambridge was the only one initially named, but at least ten more were breached.

The identity of the managed service provider to the schools was also not known.

Cyber security agency CERT NZ is recommending any users of the software shut it down until a fix is available. The REvil ransomware gang, believed to be linked to Russia, has been named in relation to the outbreak.

In 2019, Kasaya CEO Fred Voccola said the company had a sizeable office in Auckland and would be substantially investing in R&D, sales, support, marketing and business development.

On Friday (US time) Voccola said he believed that Kaseya had identified the source of the vulnerability and was preparing a patch to mitigate it for on-premises customers.

"We will release that patch as quickly as possible to get our customers back up and running," he said.

Datacom said its cyber security defence operations centre was made aware of a major REvil campaign against several companies using a malicious update for Kaseya VSA software early on Saturday morning NZ time.

Kaseya VSA is a cloud-based platform that allows providers to perform patch management and client monitoring for their customers. The attack allowed the group to take over administrator rights at managed service providers and then move onto client systems.

Reports suggested over 200 geographically distributed business had been successfully attacked and their files encrypted, Datacom said.

Datacom said it had deployed known indicators of the breach to its managed security products and had been monitoring REvil's previous campaigns for some time.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags DatacomkaseyaREvil



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments