Kaseya VSA Still Down Due To ‘Issue’ During Deployment

‘During the VSA SaaS deployment, an issue was discovered that has blocked the release. Unfortunately, the VSA SaaS rollout will not be completed in the previously communicated timeline,’ Kaseya said at 10 p.m. ET Tuesday.

Kaseya’s 36,000 MSP customers are on their sixth day without access to the company’s VSA remote monitoring and management product following Friday’s crippling cyberattack.

The New York and Miami-based IT service management vendor said at 9 p.m. ET Tuesday that all SaaS instances of the company’s flagship VSA tool would be online and accessible by 6 a.m. ET Wednesday. But an hour later, Kaseya encountered yet another setback, further delaying restoration of the company’s VSA SaaS service that MSPs were initially told would be back online by Saturday night.

“During the VSA SaaS deployment, an issue was discovered that has blocked the release,” Kaseya said at 10 p.m. ET Tuesday. “Unfortunately, the VSA SaaS rollout will not be completed in the previously communicated timeline. We apologize for the delay and R&D and operations are continuing to work around the clock to resolve this issue and restore service.”

[Related: Kaseya VSA SaaS Coming Back Tuesday, On-Prem Wednesday]

Kaseya didn’t immediately respond to questions from CRN about what the specific issue is that’s blocking the release of VSA SaaS. Kaseya CEO Fred Voccola initially said Friday evening that the company expected to restore service to its SaaS customers within the next 24 hours.

Even though the SaaS version of Kaseya’s VSA tool wasn’t compromised, the company plans to reduce the attack surface for all versions of VSA by providing an around-the-clock independent SOC for every VSA with the ability to quarantine and isolate files as well as entire VSA servers. Customers who whitelist IPs will be required to whitelist additional IPs once the VSA is back up and running, according to Kaseya.

Both SaaS and on-premises customers will be required to implement a set of systems and network hardening measures prior to restarting their VSA service, said Kaseya, which is devising the requirements in concert with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). VSA customers will not have access to classic ticketing, classic remote control and the user portal when service returns.

The REvil ransomware gang exploited a vulnerability in Kaseya’s on-premises VSA tool to compromise nearly 60 MSPs and encrypt the data and demand ransom payments from up to 1,500 of their end-user customers. The patch for the compromised on-premises version of VSA is expected to be available within 24 hours of SaaS service restoration and is going through testing and validation, Kaseya said.

The restoration of service for the more than 36,000 Kaseya VSA customers has taken significantly longer than expected. Early Sunday, Kaseya said a return to service of its SaaS server farms was expected in the next 24 to 48 hours, and late Sunday afternoon said it planned to restart its SaaS service Monday morning in the United Kingdom, European Union and Asia-Pacific and late Monday in North America.

But those restoration estimates were pushed back yet again late Sunday evening. The majority of Kaseya’s MSP customers use either a SaaS or hosted version of VSA, with roughly 6,500 MSPs using an on-premises version of the RMM product, Voccola told CRN Saturday.

“Our executive committee met at 10:00 p.m. EDT and to best minimize customer risk, felt that more time was needed before we brought the data centers back online,” Kaseya wrote at 11 p.m. ET Sunday. “They elected to meet again tomorrow morning at 8:00 a.m. EDT to reset the schedule with a goal of starting the restoration process to bring our data centers online by end of day on July 5th local time.”

The restoration process was further postponed after an executive committee meeting Monday morning, with Kaseya saying late Monday evening that it hoped to bring its SaaS servers online between 2 and 5 p.m. ET Tuesday. The restoration window was pushed back midday Tuesday to between 4 and 7 p.m. ET that same day due to a configuration change and enhanced security measures being put in place.

At 7:30 p.m. ET Tuesday, Kaseya said the technical work for SaaS deployment had started three and a half hours earlier and that the company’s enhanced security measures were being implemented and verified for proper operation. Pending no issues, Kaseya said the technical work would continue for the next several hours.

But the steady progress wouldn’t last. Restoration issues emerged yet again at 10 p.m. ET Tuesday and remain unresolved nearly 12 hours later.