Anyone running VSA in connection with their remote company access program is advised to shut down the VSA server immediately. The company behind VSA sent out that advice on Friday afternoon after announcing a ransomware attack that had hit 40 of its direct customers and raised the potential to affect thousands more indirectly. The company's updated news indicates that the scope of the attack may not be as wide as initially feared, but investigation and remediation are ongoing.
The continued attacks on small and large companies -- affected VSA users are being ransomed for $50K or $5M depending on the size of the enterprise -- point out the ongoing need for planning in both security and continuity of operations. It is much, much, much less expensive and less disruptive to create an incident response plan and have backup data access than to face involuntary shutdown, investigation, costs to fix the issue, customer relations problems, potentially permanent loss of data, and potential contractual or regulatory liability.
We suggest engaging IT and legal professionals to talk about how your company might be vulnerable and how to plan to avoid or mitigate problems. We also suggest carrying cyber insurance that can help in case of a problem -- and securing a policy sooner rather than later.
On Friday, information technology company Kaseya sent out a warning of a “potential attack” on its VSA tool, which is used by IT to manage and monitor computers remotely. Kaseya urged customers to shut down their servers running the service.