CompuCom Hit With Malware As MSPs Remain Under Siege

[mood]

CompuCom Hit With Malware As MSPs Remain Under Siege

A recent malware attack is affecting some of the services CompuCom provides to customers, and the Office Depot subsidiary said Wednesday it’s in the process of restoring customer services and internal operations

 

 

CompuCom admitted Wednesday that a recent malware attack is affecting some of the services the Office Depot subsidiary provides to customers.

 

The Dallas-based business, No. 41 on the 2020 CRN Solution Provider 500, said late Wednesday that it’s in the process of restoring customer services and internal operations as quickly and safely as possible. CompuCom said there’s no indication that customers’ systems were directly impacted by the malware, but acknowledged that its investigation is still in the early stages.

 

“As soon as we became aware of the situation, we immediately took steps to contain it, and engaged leading cybersecurity experts to begin an investigation,” CompuCom said in a statement. “We are also communicating with customers to provide updates about the situation and the actions we are taking.”

 

BleepingComputer reported late Wednesday that multiple people had told the news organization that CompuCom was hit with ransomware. CompuCom didn’t immediately respond to a CRN request for comment. If it was ransomware, CompuCom would become the fifth solution provider giant to be hit with ransomware in the past year, joining Cognizant, Conduent, DXC Technology and Tyler Technologies.

 

CompuCom suffered an outage over the weekend that prevented customers from accessing the solution provider stalwart’s portal to open troubleshooting tickets, according to BleepingComputer. Customers attempting to access the portal would receive a message stating “An error occurred while processing your request. We apologize for the inconvenience. Please re-submit your request,” BleepingComputer said.

 

The company began contacting customers soon after the attack to let them know that CompuCom had been compromised by malware, BleepingComputer reported. But customers weren’t told what type of attack occurred or whether it was ransomware, according to BleepingComputer.

 

CompuCom reportedly disconnected their access to some customers to stop the malware from spreading, according to BleepingComputer. One customer told BleepingComputer they had detached from CompuCom‘s Virtual Desktop Infrastructure (VDI) to ensure their data wasn’t affected by the attack.

 

The profile of the ransomware victims in the channel has moved upmarket. The victims are no longer the small MSP who runs IT for dentists and local law firms, but well-monied technology firms that manage the data and web traffic for the top of the Fortune 500. Despite having the resources to hire the best IT professionals and install top-notch security, these channel giants have also been rattled by ransomware.

 

CompuCom is a large national systems integrator that Office Depot in 2017 acquired for about $1 billion. Office Depot last reported that its CompuCom Division reported sales of $207 million in the fourth quarter of 2020, which was down 13 percent year over year because of the impact of the COVID-19 on product sales and services.

 

Office Depot said in January that it has already initiated the process of selling CompuCom as part of a strategic review of its businesses launched in November. The company’s board of directors said the sought-after sale of CompuCom is intended to maximize the business’ full potential and drive its future value and success.

 

CompuCom was for many years led by IT Hall of Fame inductee Jim Dixon. Under Dixon’s leadership from 1988 to 1996 and again from 2004 to 2013, the company evolved from selling PCs in retail stores into a $2.2 billion behemoth that derived more than half of its revenue and three-quarters of its gross margins from IT outsourcing and services.

 

But things have been far less stable at CompuCom over the past decade. The revolving door started in May 2013, when Dixon stepped out of the CEO role and was replaced by division leader Tony Doye. Doye left CompuCom in August 2014, prompting Dixon to step back into the CEO slot on an interim basis.

 

In February 2015, following a six-month search, Don Doctor, who joined CompuCom’s board in May 2013 and had spent several years as CEO of data center maintenance company SMS beginning in 2006, replaced Dixon as CompuCom’s leader. Then in late 2016, Dan Stone was promoted to the CEO role, and became president of the company after CompuCom was acquired by Office Depot.

 

In June 2018, Stone resigned to “pursue other interests” and was replaced on an interim basis by Greg Hoogerland, the company’s current chief customer officer. Hoogerland was replaced a year later by Mick Slattery, CompuCom’s current president, who joined the company in June 2019 after a brief stint at Conduent and many years at Avanade.

 

 

Source: CompuCom Hit With Malware As MSPs Remain Under Siege

[mood]

CompuCom MSP expects over $20M in losses after ransomware attack

 

 

American managed service provider CompuCom is expecting losses of over $20 million following this month's DarkSide ransomware attack that took down most of its systems.

 

CompuCom is an IT managed services provider (MSP) and a wholly-owned subsidiary of The ODP Corporation (Office Depot/Office Max).

 

The MSP's workforce of over 8,000 employees provides hardware and software repair, remote support, and other tech services to high-profile companies, including Citibank, Home Depot, Wells Fargo, Target, Trust Bank, and Lowe's.

Some expenses to be covered by cyber insurance

"The Company estimates the loss of revenue to be between $5.0 million and $8.0 million as a result of the incident (primarily because of CompuCom's need to temporarily suspend certain services to certain customers)," CompuCom's parent company, ODP Corporation, revealed today.

 

"In addition, the Company expects to incur expenses of up to $20 million, of which the Company assumes approximately $10 million will be accrued through the first quarter of 2021."

 

The expenses are mainly related to the company's ongoing efforts to restore impacted systems and services, as well as "to address certain other matters resulting from the incident."

CompuCom also expects that a share of the expenses incurred after the ransomware attack will be covered by cyber insurance.

"The Company carries insurance, including cyber insurance, which it believes to be commensurate with its size and the nature of its operations and expects that a portion of these costs may be covered by insurance," ODP Corporation added.

The MSP is still working on restoring service delivery to customers since the ransomware hit its network and expects to "have service delivery restored to substantially all of its customers" by the end of March.

Ransomware deployed using Cobalt Strike beacons

After discovering that DarkSide ransomware's operators started encrypting CompuCom's systems, the MSP disconnected their access to some customers to block the malware from spreading.

 

The company also notified the customers that they were compromised by malware soon after the attack, but didn't share any info about a possible ransomware attack.

 

After going through the first stages of the incident's investigation, CompuCom reached out to customers with a 'Customer FAQ Regarding Malware Incident' containing additional details.

 

According to the FAQ, the threat actors installed Cobalt Strike beacons on several systems in CompuCom's environment, beacons that allowed them to steal data, spread to other network devices, and eventually deploy the ransomware payloads on February 28.

 

DarkSide ransomware hit other organizations in the past, including the Brazilian Eletrobras and Copel energy companies, Discount Car and Truck Rentals, and Brookfield Residential.

 

 

Source: CompuCom MSP expects over $20M in losses after ransomware attack