Spammers are targeting victims of last weekend’s Kaseya VSA supply chain ransomware attack with phishing schemes and other malicious tactics.

The Kaseya VSA supply chain ransomware attack impacted about four-dozen customers. That includes 35 MSPs. About 1,500 of their customers also suffered.

In its latest alert to customers, Kaseya said spammers are using the news about the incident to send out fake email notifications that appear to be Kaseya updates.

“These are phishing emails that may contain malicious links and/or attachments,” it said. “Spammers may also be making phone calls claiming to be a Kaseya partner reaching out to help. Kaseya is not having any partners reach out. Do not respond to any phone calls claiming to be a Kaseya partner. Do not click on any links or download any attachments in emails claiming to be a Kaseya advisory.”

Moving forward, all new Kaseya email updates won’t contain any links or attachments, the company said.

Vulnerabilities Fixed

The attackers breached Kaseya VSA, just one of the company’s 27 modules. Kaseya VSA is its remote monitoring and management (RMM) service. All of the MSPs were using the VSA on-premises product.

VSA, both on-premises and SaaS, should be back Sunday afternoon. Both were previously expected to be back up this week.

In the meantime, Dan Timpson, Kaseya’s CTO, said the vulnerabilities that led to the attack have been fixed.

Kaseya’s Dan Timpson

“First and foremost from a software or code perspective, we have fixed the vulnerabilities in our software for on premises and our cloud,” he said. “We’ve documented the fixes and we’ve had those peer-reviewed by the external parties. We’re also looking at our internal process controls from deployment and how we deploy to the cloud, and we’ve updated our runbooks as a result. So in effect, what we’re doing as a company is adding a lot more rigor to our processes, our deployment, to the code base, to keep everyone safe and to improve the overall security posture of our products.”

The fact that the malicious hackers were only able to breach VSA was by design, Timpson said. With the IT Complete platform’s modular design, it will “segment and protect the rest of our customer population in those technologies.”