No ransomware at Centric customers with security incident Kaseya

Thursday 22 July

Update Thursday 22 July

The past days have been spent working to update the Kaseya servers according to the guidelines of Kaseya. The coming period will be used to bring the services back online in consultation with the customers of Centric. As the situation is under control, Centric will close down reporting via these channels.

For questions we ask customers to contact their Centric Service Manager.


Tuesday 13 July

Update Tuesday 13 July

On July 11 Kaseya released a procedure for updating on-premises Kaseya VSA servers safely. Kaseya combined the release of the patch with a new official Feature Release of their VSA software. Yesterday Kaseya was able to bring all their SaaS servers back online with the latest Feature Release.

On July 12 Centric started the preparations for the Feature Release update to on-premises test servers. This update will be deployed to production after successful testing and internal approvals. It is expected that the production servers will be provided with the Kaseya Feature Release before the end of today.

In the meantime, coordination with affected customers is done to put Kaseya back into production in a trusted and secure manner.


Friday 9 July

Update Friday 9 July

On July 7 Kaseya published a runbook of the changes to make to on-premises Kaseya servers. This is not the patch itself but instructions to prepare the servers for the upcoming patch release. Kaseya released the news that the patch will be available not before Sunday 11 July.

The release of the patch was initially scheduled directly after the startup of their SaaS environments. Unfortunately, Kaseya was unable to solve the startup issues they were facing earlier on last Tuesday. This forced them to take more time for the restart. As a result, there was also a delay in releasing the patch for on-premises servers.

Meanwhile, Centric’s security and technical specialists began analyzing the runbook provided by Kaseya and started preparing the servers concerned. This was done after mandatory internal approvals. Yesterday all preparations have been made to all Kaseya servers in Centric’s environments. The Kaseya servers of Centric are now ready to receive the patch. Plans are being made to bring the Kaseya servers back online safely. This is done after internal assessment of the patch and in close consultation with the customers of Centric.


Tuesday 6 July

This is an update of the message of Monday 5 July

On July 6, 2021 - 10:00 PM CET Kaseya began the controlled startup of their SaaS servers. During this startup, Kaseya made some findings that led them to postpone the startup temporarily. Kaseya is working hard to resolve these findings and expects to proceed with the startup today.

Directly after successful startup of their SaaS servers, Kaseya says it will release the security patch and associated procedure for on-premises servers as well. This security patch has been developed and is currently going through the final testing and validation process. Centric expects to receive the patch from Kaseya within the next 24 to 48 hours. Therefor Centric is currently planning deployment en test procedures to bring our Kaseya servers back online in a safely and controlled manner but not without consultation with customers first.


Monday 5 July

Update Monday 5 July

There are still no reports of compromise from customers of Centric. Centric remains cautious and alert. The release date of the security patch for the on-premise Kaseya server is still unknown. Should this situation change, Centric will report this here and inform the customers concerned.


Sunday 4 July

This is an update of the message of Saturday 3 July

On Sunday July 4th Kaseya released a ‘Compromise Detection Tool’ to scan Kaseya VSA servers. Centric specialists have scanned all the servers that run Kaseya software with this detection tool. The outcome was negative in all cases. This means that no indication of an infection has been found on Centric servers that run Kaseya software.

There are still no reports of compromise from customers of Centric. While this is good news, Centric remains cautious and alert.

The servers will stay switched off until further notice from Kaseya. Centric is in close contact with Kaseya. Although Kaseya is doing their utmost to provide the solution, the official release date of the new security patch is not yet known. From the moment the patch is provided, our specialists will start installing and testing it. The Centric servers will be brought back online after consultation with customers.


Saturday 3 July

On Friday 2 July 2021, Kaseya* has sent a notice to all its customers worldwide, that it had learned of a potential security incident involving their remote monitoring and management software. Centric uses Kaseya software for a limited number of customers. After this notice from Kaseya, Centric immediately shut down all services as a precautionary measure even though Centric had not received any reports of compromise from any customers. Centric will keep the services down until further notice from Kaseya, which they have said will follow within 24 to 48 hours.

Kaseya has found the root cause and is currently working on the solution, a security patch. Once the patch is available, Centric will perform an offline installation and a controlled deployment. Switching Kaseya software back on for customers will only be done in joint consultation with the customers of Centric.

Centric is continuously investigating and monitoring the situation. In the current situation we have no indication that customers are at threat. No issues of ransomware are known. However, Centric remains cautious and alert. The shutdown itself does not lead to operational problems for our customers.

Centric will keep its customers that use Kaseya software informed regarding any changes. For questions we ask customers to contact their Centric Service Manager.

This message will be updated daily, until Centric is certain the situation has been fully resolved.

*Kaseya is used for managing endpoints like workplaces and POS-systems. Its functionalities include (among other things): software deployment, remote control, antivirus, patch management and monitoring.

Last update: Thursday 22 July 13:07 hrs. CET.