SHI Cyberattack Timeline, Malware Recovery and Forensic Investigation Details
SHI International required one week to largely recover from a cyberattack that occurred over the July 4th holiday weekend, the MSP and IT solutions provider has disclosed.
SHI, founded in 1989, supports 15,000 technology partners. The company, based in Somerset, New Jersey, has more than 5,500 employees, according to LinkedIn. SHI’s areas of expertise include e-commerce, fulfillment and IT asset management solutions, along with hybrid data center and storage solutions.
SHI Cyberattack Disclosure and Timeline
Here’s a timeline tracking the SHI cyberattack and recovery efforts:
- July 4 Holiday Weekend, 2022: Hackers launch “coordinated and professional” malware attack against SHI.
- July 6, 2022: SHI discloses the attack, starting that the “incident was swiftly identified and measures were enacted to minimize the impact on SHI’s systems and operations.” SHI staff email has been restored, though the company’s website remains offline. Also, customers have full access to their account teams and specialists via both email and phone. There is no that customer data was accessed, and no third-party supply chain systems were hit, the company believes.
- July 7, 2022: The SHI website remains offline.
- July 8, 2022, 4pm ET: SHI confirmed that it is working with a forensic service provider and law enforcement to investigate the incident. The SHI website remains offline.
- July 1o, 2022: SHI’s website is back online
- July 11, 2022: As of 8:00 am ET, the “vast majority of SHI’s internal and external-facing systems are fully operational,” the company indicated.
SHI Cyberattack Investigation Details: SHI previously said it is working with the FBI and CISA (Cybersecurity & Infrastructure Security Agency) to investigate the attack. Also, SHI did not disclose if the attack involved ransomware, nor did the company say if it knew the name of the attacker.
Hackers, Ransomware Continue to Target MSPs
Amid continued attacks against MSPs, the Cybersecurity and Infrastructure Security Agency (CISA), working with partners worldwide, in May 2022 issued a Cybersecurity Advisory (CSA). That CSA is designed to help MSPs protect themselves and customers from supply chain cyberattacks and other digital threats.
The advisory describes 12 steps that MSPs can take to safeguard their businesses and end-customer systems. The advisory was developed by UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities, the CISA indicated.