CompuCom has suffered a malware attack that has impacted some IT systems, the managed IT services provider (MSP) disclosed. The CompuCom cyberattack involves DarkSide ransomware, according to third-party reports. The malware attack comes at an extremely sensitive time, considering CompuCom is up for sale and seeking a buyer for the MSP business.
CompuCom, owned by Office Depot parent ODP Corp., says the attack has impacted “certain CompuCom information technology systems” and associated services that the MSP provides to “certain customers.”
The attack involved DarkSide ransomware, multiple sources told BleepingComputer. However, CompuCom has not publicly confirmed that assertion.
Bitdefender in January 2021 released a free DarkSide ransomware decryption tool that allows victims to recover their encrypted files without paying the ransom demand. MSSP Alert does not know if that tool can assist CompuCom with the MSP’s attack recovery.
CompuCom Malware Attack: MSP Company Statement
The public CompuCom statement about the attack read:
“Certain CompuCom information technology systems have been affected by a malware incident which is affecting some of the services that we provide to certain customers. Our investigation is in its early stages and remains ongoing. We have no indication at this time that our customers’ systems were directly impacted by the incident.
As soon as we became aware of the situation, we immediately took steps to contain it, and engaged leading cybersecurity experts to begin an investigation. We are also communicating with customers to provide updates about the situation and the actions we are taking.
We are in the process of restoring customer services and internal operations as quickly and safely as possible. We regret the inconvenience caused by the interruption and appreciate the ongoing support of our customers.”
CompuCom Up for Sale
The attack comes at a particularly bad moment for CompuCom — considering the MSP is up for sale. Indeed, Office Depot parent ODP Corp. is exploring strategic options for CompuCom, including a potential sale of the MSP business, ODP CFO Anthony Scaglione indicated in February 2021.
To safeguard against such attacks, ChannelE2E recommends the following MSP steps:
1. Embrace Multi-Factor Authentication: Activate two-factor/multi-factor authentication (2FA/MFA) on all systems — including MSP software platforms, administrator systems and end-user systems wherever possible. Longer-term: Check in with all of your vendors to understand the current state of their 2FA/MFA strategies, upcoming enhancements and multi-vendor relationships.
2. Configure BDR and Security System Alerts: Check in with security and business continuity platform suppliers. Learn how to properly configure BDR and security systems so that administrators receive alerts whenever system settings are changed or adjusted. Longer-term: Potentially explore third-party 2FA/MFA platforms that can assist this effort. Strive to ensure that BDR and security setting updates/changes require an approved MSP administrator who has 2FA/MFA access.
3. Embrace an MSP Documentation Platform to document your data protection and cybersecurity processes, disaster recovery plans, etc.
4. Stay Informed: Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.
7. Integrate Wisely: Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.
8. Partner With MSSPs: All MSPs need to get more serious about managed security services. But it’s unwise to suggest that all MSPs will transform into full-blown MSSPs. As an MSP, decide which pieces of the risk mitigation puzzle you can truly manage, then partner up with a true MSSP to fill your gaps. (Related: Top 250 MSSPs, from MSSP Alert.)
9. Refocus Your Travels: As face-to-face conferences get canceled amid the coronavirus pandemic, explore virtual alternatives to continue your cyber education.
10. Additional Suggestions: If you are aware of such attacks and have best practices for risk mitigation and recovery, email me: Joe@AfterNines.com.