
CompuCom

Caleb Boma | March 29th, 2021

 

According to BleepingComputer, American managed service provider CompuCom is expecting losses of over $20 million following this month’s DarkSide ransomware attack that took down most of its systems.

DarkSide Ransomware Targets CompuCom

CompuCom is an IT managed services provider (MSP) and a wholly-owned subsidiary of The ODP Corporation (Office Depot/Office Max).

The MSP’s workforce of over 8,000 employees provides hardware and software repair, remote support, and other tech services to high-profile companies, including Citibank, Home Depot, Wells Fargo, Target, Trust Bank, and Lowe’s.

“The Company estimates the loss of revenue to be between $5.0 million and $8.0 million as a result of the incident (primarily because of CompuCom’s need to temporarily suspend certain services to certain customers),” CompuCom’s parent company, ODP Corporation, revealed on Friday.

“In addition, the Company expects to incur expenses of up to $20 million, of which the Company assumes approximately $10 million will be accrued through the first quarter of 2021.”

The expenses are mainly related to the company’s ongoing efforts to restore impacted systems and services, as well as “to address certain other matters resulting from the incident.”

CompuCom also expects that a share of the expenses incurred after the ransomware attack will be covered by cyber insurance.

“The Company carries insurance, including cyber insurance, which it believes to be commensurate with its size and the nature of its operations and expects that a portion of these costs may be covered by insurance,” ODP Corporation added.

The MSP is still working on restoring service delivery to customers since the ransomware hit its network and expects to “have service delivery restored to substantially all of its customers” by the end of March.

After discovering that DarkSide ransomware’s operators had started encrypting CompuCom’s systems, the MSP disconnected its access to some customers to block the malware from spreading.

The company also notified the customers that they were compromised by malware soon after the attack but didn’t share any info about a possible ransomware attack.

After going through the first stages of the incident’s investigation, CompuCom reached out to customers with a ‘Customer FAQ Regarding Malware Incident’ containing additional details.

According to the FAQ, the threat actors installed Cobalt Strike beacons on several systems in CompuCom’s environment, beacons that allowed them to steal data, spread to other network devices, and eventually deploy the ransomware payloads on February 28.

DarkSide ransomware has hit other organizations in the past, including the Brazilian Eletrobras and Copel energy companies, Discount Car and Truck Rentals, and Brookfield Residential.

Again, we’re observing MSPs being targeted heavily by threat actors. Ransomware trends show that threat actors are aiming at MSPs that have connections to other organizations. CompuCom provides services for many large enterprises, which makes it a perfect target for ransomware operators looking to spread their ransomware to as many machines as possible in one hit.

If your organization is utilizing an MSP, ensure you’ve got a security firm monitoring your network and stopping threats from entering your environment. Fortunately, CompuCom had cyber insurance which could cover some of the expenses due to the attack, but ultimately, they could have avoided this business shutdown with a firm like SpearTip with dedicated engineers concentrating on the protection of the network. Our engineers have also become familiar with DarkSide as the operators have remained active as of late.

SpearTip’s cyber professionals continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you think your organization has been breached, call our Security Operations Center at 833.997.7327.
