CompuCom, a US managed service provider, has been hit by a DarkSide ransomware attack. The attack has caused a service outage, and users are disconnecting from the MSP's network to prevent the malware from spreading.
CompuCom is an IT managed services provider (MSP) that supplies remote support, hardware and software repair, and various other technical services to companies.
CompuCom is owned by ODP Corporation (Office Depot/Office Max) and employs up to 8,000 people.
Around the weekend, CompuCom suffered an outage that prevented clients from accessing the company's customer portal to open troubleshooting tickets. Customers who visit the portal see only an error message: “An error occurred while processing your request.”
CompuCom told the press that it has started informing its users and warning them about the malware attack. However, the company has not told its customers what type of attack occurred or whether it was ransomware. Multiple people who spoke with the press stated that “this was a ransomware attack”, but company officials had not confirmed this.
Additionally, affected customers told the press that CompuCom had disconnected its access to some customers as a preventive measure against the attack. Another client said, “Some of us had detached from CompuCom’s VDIs (Virtual Desktop Infrastructure) to ensure their data was not affected by the attack”.
CompuCom issued a statement saying that the company had experienced a ‘malware incident’ and that there is no evidence of it spreading to customers’ systems.
“Certain CompuCom information technology systems have been affected by a malware incident which is affecting some of the services that we provide to certain customers. Our investigation is in its early stages and remains ongoing. We have no indication at this time that our customers’ systems were directly impacted by the incident…”
“…As soon as we became aware of the situation, we immediately took steps to contain it and engaged leading cybersecurity experts to begin an investigation. We are also communicating with customers to provide updates about the situation and the actions we are taking. We are in the process of restoring customer services and internal operations as quickly and safely as possible,”
“…We regret the inconvenience caused by the interruption and appreciate the ongoing support of our customers.” – CompuCom reported.
But today, CompuCom’s customers shared a ‘Customer FAQ Regarding Malware Incident’ that gives more thorough details of the attack than the company gave.
“Based on our expert’s analysis to date, we understand that the attacker deployed a persistent Cobalt Strike backdoor to several systems in the environment and acquired administrative credentials. These administrative credentials were then used to deploy the Darkside Ransomware,” the CompuCom FAQ reads.