How JustTech Recovered From The ‘Humungous’ Kaseya Ransomware Attack In 10 Days

“Then my background just turned white. And [my IT director] said, ‘Oh my gosh, that’s ransomware. Shut it down. Shut everything down,” says Joshua Justice, president of JustTech.


On July 2, JustTech’s President Joshua Justice was preparing for an upcoming team meeting presentation when his MSP suddenly fell victim to the massive Kaseya ransomware attack.

“It was about 12:30 p.m. and my programs started disappearing and closing,” said Justice, founder and president of La Plata, Maryland-based MSP JustTech, which uses Kaseya’s MSP products to service clients.

Justice immediately called his IT director to ask him if he had seen any issues. The director told Justice that he had just been pulled out of a meeting because “they were seeing some odd things.”

Sponsored post

“Then my background just turned white,” Justice said. “And [my IT director] said, ‘Oh my gosh, that’s ransomware. Shut it down. Shut everything down.’’

Justice then heard him yell to his help desk to call every client to shut their servers down until they knew what was going on. The CEO emailed and texted clients and staff to do the same. Within eight minutes, everything was down.

[Related: The Kaseya Attack]

“From that moment through now, we’ve been focused on the recovery,” he told CRN Tuesday morning. “Our team members have been incredible. They worked all weekend, all last week, all of the holiday. They’re basically working 18 hours and sleeping six.”

JustTech has more than 3,000 clients using offered services like Xerox, managed print services, managed IT services, cloud fax services and app solutions. Only a few hundred use managed IT services. About 120 were affected by the ransomware attack, Justice said.

Every day since the breach he’s been in communication with clients day and night, assuring them that backups are in place.

“Of course we’re incurring expenses. We’ve bought every hard drive at every Best Buy in the region to transfer data because we didn’t have hundreds of hundreds of hard drives in stock,” he said.

JustTech, which did not end up paying any ransom, is not billing its clients for the hours involved in rebuilding their networks. The financial impact has yet to be determined, said Justice.

“We’re a services company,” he said. “Our success is our client’s success. These clients got hit hard during COVID. With this, we don’t want our clients to be burdened by big bills from us.”

During the response and recovery period, the CEO never let his emotions get the best of him, comparing his reaction to a wartime general.

“I’m immediately moving to, ‘Let’s get through this. Let’s stay focused on this,’” he said. “I have tried to just stay focused on the recovery and on the clients, and I’ll deal with all of the emotions later.

“It’s been a humungous ordeal,” he added. “It’s something that hasn’t happened before.”

And the MSP community has been supportive. Justice said 20 to 30 MSPs, some direct competitors, have reached out to him offering support and asking how he got through the breach to better prepare themselves if they get hacked in the future.

While the focus right now is on restoring networks, the wheels are already turning as to how to decrease recovery time should this happen again.

“We’re going to put even more emphasis on recovery and how, if something were to happen again, we can help our clients recover faster,” he said. “We have to look at more protection, faster recovery. We’re going to recover to a functional state in 10 total days, not business days, which everyone said is incredible…although we’ve never been through this before.”

But Justice wants to shorten that window.

“If we can make this less impactful to clients, than that’s even more important,” he said. “There’s less down time and clients can get back to doing their work.”

He also wants to move more programs to the cloud and use mobile imaging servers, which his team used at client sites and reimaged multiple devices at once.

“We’re already learning some lessons and we’re thinking of things we can do to become faster to bring our clients back up and running should this happen again,” he said. “We will also look at ways to make sure we are better protected with the vendors we work with.”