Kaseya managed to restore functionality to its SaaS services, which then led to more unplanned downtime. The company has been in a scrambling mode for the past week or so, trying to reboot its SaaS servers, which it has hardened after the REvil ransomware attack.
The company has communicated to users that restoration is complete and that 100% of SaaS servers are live. However, a few hours later the company put out an advisory regarding new problems that arose from the first communication.
The new communication from Kaseya said that because users were returning online en masse in a short window, there were performance issues. Because of that, the vendor made configuration changes that it said would require a restart to take effect. Kaseya told users that they would see a performance improvement.
The restart opened a maintenance window and was accompanied by a warning telling users that they would experience a downtime of about 20 minutes. According to customers the disruption has taken a little longer than the 20 minutes indicated, with some users reporting that even after rebooting, Kaseya’s SaaS services are still a little slow.
What Kaseya is dealing with here is a case of ‘open floodgates.’ Since last week, there has been a lot the vendor has had to deal with, including assessments to find out how many businesses downstream were affected, as well as talk of criminal charges.
The flaws were not fixed on time, which is how the REvil attack ended up being successful. It is expected that the performance of the SaaS service will improve over the next few days.