Note: this guidance was published to on July, 4, 2021 at activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa 

CISA and the Federal Bureau of Investigation (FBI) continue to respond to the recent supply-chain ransomware attack  leveraging a vulnerability in Kaseya VSA software against multiple managed service providers (MSPs) and their  customers. CISA and FBI strongly urge affected MSPs and their customers to follow the guidance below.

CISA and FBI recommend affected MSPs: 

  • Download the Kaseya VSA Detection Tool. This tool analyzes a system (either VSA server or managed  endpoint) and determines whether any indicators of compromise (IoC) are present. 
  • Enable and enforce multi-factor authentication (MFA) on every single account that is under the control of the  organization, and—to the maximum extent possible—enable and enforce MFA for customer-facing services.  • Implement allowlisting to limit communication with remote monitoring and management (RMM) capabilities  to known IP address pairs, and/or  
  • Place administrative interfaces of RMM behind a virtual private network (VPN) or a firewall on a dedicated  administrative network. 

CISA and FBI recommend MSP customers affected by this attack take immediate action to implement the following  cybersecurity best practices. Note: these actions are especially important for MSP customer who do not currently  have their RMM service running due to the Kaseya attack.  

CISA and FBI recommend affected MSP customers: 

  • Ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the  organizational network; 
  • Revert to a manual patch management process that follows vendor remediation guidance, including the  installation of new patches as soon as they become available; 
  • Implement: 
    • Multi-factor authentication; and 
    • Principle of least privilege on key network resources admin accounts. 


CISA and FBI provide these resources for the reader’s awareness. CISA and FBI do not endorse any non-governmental  entities nor guarantee the accuracy of the linked resources. 

%d bloggers like this: