CompuCom Malware Attack Expected To Cost Company $20M

Office Depot subsidiary CompuCom admitted Friday it wasn’t able to substantially restore its service delivery capabilities until March 17, 16 days after a crippling malware attack took place.

ARTICLE TITLE HERE

CompuCom will spend up to $20 million and lose up to $8 million in revenue after a malware attack forced the company to suspend some services.

The Fort Mill, S.C.-based Office Depot subsidiary, No. 41 on the 2020 CRN Solution Provider 500, said it wasn’t able to substantially restore its service delivery capabilities until March 17, 16 days after the malware attack took place. CompuCom expects to restore service delivery to essentially all customers by the end of March, according to Office Depot.

“While CompuCom has made significant progress in remediating its systems related to the malware incident, ODP [Office Depot] nonetheless expects the down time experienced and related impact due to the malware incident to result in a loss of revenue,” Office Depot announced at 5:10 p.m. ET Friday.

id
unit-1659132512259
type
Sponsored post

[Related: CompuCom Hit By DarkSide Ransomware, Tells Customers: Report]

The malware attack forced CompuCom to temporarily suspend certain services to certain customers, while other services not directly impacted by the malware continued to be delivered to customers throughout March, Office Depot said. As part of its efforts, CompuCom has restored service delivery as well as hardened its systems with enhanced security measures and advanced anti-malware agents.

CompuCom expects to lose between $5 million and $8 million of revenue due to its need to temporarily suspend certain services following the malware attack, Office Depot said. The company also expects to spend up to $20 million – including $10 million in the fiscal quarter ending Saturday – on its efforts to restore service delivery to impacted customers as well as other issues stemming from the attack.

The company carries cyber insurance commensurate with the size and nature of its operations, and expects that a portion of its costs may be covered by insurance. Office Depot has for months been attempting to sell CompuCom in an effort to undo its 2017 acquisition of the large national systems integrator for about $1 billion.

CompuCom told customers in early March that it suffered a DarkSide ransomware attack after the hackers deployed a CobaltStrike backdoor to several systems in its environment and got administrative credentials, BleepingComputer reported. The company declined to answer questions on what services had to be suspended, how many customers were impacted, and whether it was DarkSide ransomware.

Office Depot said Feb. 24 that CompuCom recorded sales of $207 million in the fourth quarter of 2020, which was down 13 percent year over year because of the impact of the COVID-19 pandemic on product sales and services. The company said its management team won’t be discussing the malware attack until Office Depot’s first quarter earnings call, which is expected to occur on or about May 5.

The DarkSide ransomware group started by installing Cobalt Strike beacons of several systems in CompuCom’s ecosystem, according to a ‘Customer FAQ Regarding Malware Incident’ document shared with BleepingComputer March 4. Adversaries can use Cobalt Strike to proactively test victim’s defenses against advanced tactics and procedures.

The Cobalt Strike beacons give remote adversaries access to the network to steal data and spread to other machines, BleepingComputer said. Then on Feb. 28, BleepingComputer said the hackers were able to achieve their objective of deploying the ransomware. CompuCom first suffered an outage over the weekend of Feb. 27 that blocked customers from opening troubleshooting tickets in the firm’s portal.

It is likely that the DarkSide ransomware operators harvested CompuCom’s unencrypted files before encrypting the devices, according to BleepingComputer. If CompuCom or CompuCom customer data was stolen and a ransom is not paid, the DarkSide group will likely publish this data on their ransomware leak site, BleepingComputer reported.

CompuCom becomes the fifth solution provider behemoth to suffer a ransomware attack in the past year, following in the footsteps of Cognizant, Conduent, DXC Technology and Tyler Technologies. The five channel titans that have been hit with ransomware have combined revenue of $42.78 billion and a joint market cap of $54.36 billion.