According to BleepingComputer, American managed service provider CompuCom is expecting losses of over $20 million following this month’s DarkSide ransomware attack that took down most of its systems.

CompuCom is an IT managed services provider (MSP) and a wholly-owned subsidiary of The ODP Corporation (Office Depot/Office Max).

The MSP’s workforce of over 8,000 employees provides hardware and software repair, remote support, and other tech services to high-profile companies, including Citibank, Home Depot, Wells Fargo, Target, Trust Bank, and Lowe’s.

“The Company estimates the loss of revenue to be between $5.0 million and $8.0 million as a result of the incident (primarily because of CompuCom’s need to temporarily suspend certain services to certain customers),” CompuCom’s parent company, ODP Corporation, revealed on Friday.

“In addition, the Company expects to incur expenses of up to $20 million, of which the Company assumes approximately $10 million will be accrued through the first quarter of 2021.”

The expenses are mainly related to the company’s ongoing efforts to restore impacted systems and services, as well as “to address certain other matters resulting from the incident.”

CompuCom also expects that a share of the expenses incurred after the ransomware attack will be covered by cyber insurance.

“The Company carries insurance, including cyber insurance, which it believes to be commensurate with its size and the nature of its operations and expects that a portion of these costs may be covered by insurance,” ODP Corporation added.

The MSP is still working on restoring service delivery to customers since the ransomware hit its network and expects to “have service delivery restored to substantially all of its customers” by the end of March.

After discovering that DarkSide ransomware’s operators started encrypting CompuCom’s systems, the MSP disconnected their access to some customers to block the malware from spreading.

The company also notified the customers that they were compromised by malware soon after the attack but didn’t share any info about a possible ransomware attack.

After going through the first stages of the incident’s investigation, CompuCom reached out to customers with a ‘Customer FAQ Regarding Malware Incident’ containing additional details.

According to the FAQ, the threat actors installed Cobalt Strike beacons on several systems in CompuCom’s environment, beacons that allowed them to steal data, spread to other network devices, and eventually deploy the ransomware payloads on February 28.

DarkSide ransomware hit other organizations in the past, including the Brazilian Eletrobras and Copel energy companies, Discount Car and Truck Rentals, and Brookfield Residential.

 

Again, we’re observing MSPs being targeted heavily by threat actors. The ransomware trends have shown us threat actors are aiming at MSPs who have connections to other organizations. CompuCom provides services for many large enterprises which makes them a perfect target for ransomware operators looking to spread their ransomware to as many machines as possible in one hit.

If your organization is utilizing an MSP, ensure you’ve got a security firm monitoring your network and stopping threats from entering your environment. Fortunately, CompuCom had cyber insurance which can cover some of the expenses due to the attack, but ultimately, they could have avoided this business shut down with a firm like SpearTip with dedicated engineers concentrating on the protection of the network. Our engineers have also become familiar with DarkSide as the operators have remained active as of late.

SpearTip’s cyber experts continuously monitor environments 24/7 in our US based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have a direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you think your organization has been breached, call our Security Operations Center at 833.997.7327.