Skip to main content

Kaseya VSA Supply-Chain Ransomware Attack

Patch now available for Kaseya VSA platform.

Alert status


The ACSC has observed reporting that organisations globally have been impacted by the Kaseya VSA compromise and REvil ransomware.

The ACSC has also received reporting from impacted Australian organisations.

The ACSC is aware that a vulnerability in the Kaseya VSA platform enabled the REvil group to distribute malware through update mechanisms within Kaseya VSA with the intent of encrypting and ransoming data held on victim networks. For more information, please refer to Kaseya’s notification. Early reporting of this issue suggested a Supply-Chain attack, Kaseya advise that malicious actors exploited a critical vulnerability (CVE-2021-30116) in the platform to deploy ransomware.

Update and Mitigation

On 12 July 2021, Kaseya released a patch which mitigates ongoing risk to organisations of compromise through this activity. Please see Kaseya’s page for instructions on how to prepare you VSA server to safely apply this patch.


The ACSC is monitoring the situation and is able to provide assistance and advice as required.

Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.

Content complexity
This rating relates to the complexity of the advice and information provided on the page.
Was this information helpful?
Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it