CompuCom MSP Might Lose Over $20M After Ransomware Attack
The American Managed System Provider Could Lose Over $20 Million After This Month’s DarkSide Ransomware.
The cyberattack in question consisted of an outage that didn’t allow customers to access the company’s portal therefore, users landing on the website received a general error message.
The company then declared that:
“Certain CompuCom information technology systems have been affected by a malware incident which is affecting some of the services that we provide to certain customers. Our investigation is in its early stages and remains ongoing. We have no indication at this time that our customers’ systems were directly impacted by the incident.
As soon as we became aware of the situation, we immediately took steps to contain it and engaged leading cybersecurity experts to begin an investigation. We are also communicating with customers to provide updates about the situation and the actions we are taking.
We are in the process of restoring customer services and internal operations as quickly and safely as possible. We regret the inconvenience caused by the interruption and appreciate the ongoing support of our customers.”
Right now it is known that some expenses will be covered by the cyber insurance, with CompuCom having an estimated loss of revenue between $5.0 million and $8.0 million as a result of the incident, ODP Corporation declared on Friday.
CompuCom has made significant progress in restoring operations and service delivery to its customers.
While CompuCom has made significant progress in remediating its systems related to the malware incident, ODP nonetheless expects the downtime experienced and related impact due to the malware incident to result in a loss of revenue for the month of March as well as incurred and accrued costs which will adversely impact the Company’s financial results for the first fiscal quarter of 2021.
The Company estimates the loss of revenue to be between $5.0 million and $8.0 million as a result of the incident (primarily because of CompuCom’s need to temporarily suspend certain services to certain customers).
In addition, the Company expects to incur expenses of up to $20 million, of which the Company assumes approximately $10 million will be accrued through the first quarter of 2021.
These expense estimates are primarily related to CompuCom’s efforts to restore service delivery to impacted customers and to address certain other matters resulting from the incident.
The Company carries insurance, including cyber insurance, which it believes to be commensurate with its size and the nature of its operations and expects that a portion of these costs may be covered by insurance.
The company is still working on the restoration of the service delivery to customers and expects to be able to have service delivery restored to substantially all of its customers by the end of March.
When the ransomware operators from DarkSide started encrypting CompuCom’s systems, the MSP decided to disconnect their access to certain customers in order to block the malware from spreading, furthermore the company notified the customers they were compromised by malware.
After finishing the first stages of the incident’s investigation, CompuCom reached out to its customers with a ‘Customer FAQ Regarding Malware Incident’, which provided additional details.
According to this document, the threat actors had installed Cobalt Strike beacons on several systems in CompuCom’s environment, therefore allowing them to steal data, spread to other network devices, and eventually deploy the ransomware payloads on February 28th.