[BreachExchange] CompuCom Malware Attack Expected To Cost Company $20M

Destry Winant destry at riskbasedsecurity.com
Wed Mar 31 11:00:13 EDT 2021


https://www.crn.com/news/security/compucom-malware-attack-expected-to-cost-company-20m

CompuCom will spend up to $20 million and lose up to $8 million in
revenue after a malware attack forced the company to suspend some
services.

The Fort Mill, S.C.-based Office Depot subsidiary, No. 41 on the 2020
CRN Solution Provider 500, said it wasn’t able to substantially
restore its service delivery capabilities until March 17, 16 days
after the malware attack took place. CompuCom expects to restore
service delivery to essentially all customers by the end of March,
according to Office Depot.

“While CompuCom has made significant progress in remediating its
systems related to the malware incident, ODP [Office Depot]
nonetheless expects the down time experienced and related impact due
to the malware incident to result in a loss of revenue,” Office Depot
announced at 5:10 p.m. ET Friday.

The malware attack forced CompuCom to temporarily suspend certain
services to certain customers, while other services not directly
impacted by the malware continued to be delivered to customers
throughout March, Office Depot said. As part of its efforts, CompuCom
has restored service delivery as well as hardened its systems with
enhanced security measures and advanced anti-malware agents.

CompuCom expects to lose between $5 million and $8 million of revenue
due to its need to temporarily suspend certain services following the
malware attack, Office Depot said. The company also expects to spend
up to $20 million – including $10 million in the fiscal quarter ending
Saturday – on its efforts to restore service delivery to impacted
customers as well as other issues stemming from the attack.

The company carries cyber insurance commensurate with the size and
nature of its operations, and expects that a portion of its costs may
be covered by insurance. Office Depot has for months been attempting
to sell CompuCom in an effort to undo its 2017 acquisition of the
large national systems integrator for about $1 billion.

CompuCom told customers in early March that it suffered a DarkSide
ransomware attack after the hackers deployed a CobaltStrike backdoor
to several systems in its environment and got administrative
credentials, BleepingComputer reported. The company declined to answer
questions on what services had to be suspended, how many customers
were impacted, and whether it was DarkSide ransomware.

Office Depot said Feb. 24 that CompuCom recorded sales of $207 million
in the fourth quarter of 2020, which was down 13 percent year over
year because of the impact of the COVID-19 pandemic on product sales
and services. The company said its management team won’t be discussing
the malware attack until Office Depot’s first quarter earnings call,
which is expected to occur on or about May 5.

The DarkSide ransomware group started by installing Cobalt Strike
beacons on several systems in CompuCom’s ecosystem, according to a
‘Customer FAQ Regarding Malware Incident’ document shared with
BleepingComputer March 4. Adversaries can use Cobalt Strike to
proactively test a victim’s defenses against advanced tactics and
procedures.

The Cobalt Strike beacons give remote adversaries access to the
network to steal data and spread to other machines, BleepingComputer
said. Then on Feb. 28, BleepingComputer said the hackers were able to
achieve their objective of deploying the ransomware. CompuCom first
suffered an outage over the weekend of Feb. 27 that blocked customers
from opening troubleshooting tickets in the firm’s portal.

It is likely that the DarkSide ransomware operators harvested
CompuCom’s unencrypted files before encrypting the devices, according
to BleepingComputer. If CompuCom or CompuCom customer data was stolen
and a ransom is not paid, the DarkSide group will likely publish this
data on their ransomware leak site, BleepingComputer reported.

CompuCom becomes the fifth solution provider behemoth to suffer a
ransomware attack in the past year, following in the footsteps of
Cognizant, Conduent, DXC Technology and Tyler Technologies. The five
channel titans that have been hit with ransomware have combined
revenue of $42.78 billion and a joint market cap of $54.36 billion.

