A special episode featuring Robert Cioffi discussing his MSP's experience with the July 2021 Kaseya VSA ransomware attack and subsequent recovery efforts.

Participants

  • Host: Justin Shelley (Phoenix IT Advisors)
  • Guest: Robert Cioffi (Progressive Computing)
  • Regular Panelists:
    • Mario Zaki (Maztech IT)
    • Bryan Lachapelle (B4 Networks)
    • Barinder Hans (Red Rhino)

Key Event Details

  • Date: July 2, 2021
  • Attack Vector: Kaseya VSA zero-day exploit
  • Impact: 80 clients affected (100% of VSA-managed clients)
  • Recovery Time: 17 calendar days
  • Scale: 250 servers and ~2,100 endpoints recovered

Critical Timeline

  1. 10:49 AM - Attack began
  2. 12:00-12:30 PM - Encryption process completed
  3. July 3rd - Huntress completed forensic analysis
  4. July 4th - Kaseya confirmed analysis
  5. July 5th - Started recovery with first 3 clients
  6. Following 17 days - Full recovery effort

Community Response

  • 27 different companies provided assistance
  • MSPs flew in from across the country to help
  • Support came from locations including:
    • Santa Barbara, CA
    • Austin, TX
    • Minneapolis, MN
    • Kansas
    • Massachusetts
    • Florida

Legal Outcome

  • Attacker identified as Yaroslav Vasinskyi (23-year-old Ukrainian)
  • Arrested in Poland at border crossing
  • Extradited to US within 5 months
  • Sentenced to 14 years in federal prison
  • Case tried in Dallas federal court

Key Takeaways

  1. Response Framework
    • Immediate incident response
    • Forensic analysis before recovery
    • Legal counsel engagement
    • Community resource activation
  2. Essential Actions
    • File IC3 report with FBI
    • Contact cyber liability insurance
    • Engage legal counsel
    • Conduct forensic analysis before recovery
    • Document everything
  3. Lessons Learned
    • Follow established security frameworks
    • Build strong community connections
    • Maintain cyber liability insurance
    • Have incident response plans ready
    • Focus on victim support and recovery

Organizational Outcome

  • Created MSP911.org (transitioning to Cyberrise)
  • Purpose: Emergency response support for MSPs
  • Volunteer-led organization
  • Provides guidance and resources during cyber incidents

Industry Impact

  • Highlighted importance of MSP community support
  • Demonstrated need for structured incident response
  • Emphasized importance of following security frameworks
  • Revealed scale of organized cybercrime operations
  • Estimated size of the cybercrime economy: $8 trillion (as a national GDP, it would rank 3rd globally)