This month’s CompuCom ransomware attack will cause the MSP to lose more than $20 million. The attack took down many of its systems.

On March 3, CompuCom reported malware that affected some of the services it provides to certain customers. The company says it was able to restore delivery of those services again by March 17.

Anticipated First Quarter Losses

ODP (Office Depot) is CompuCom’s parent company. It outlined the costs to CompuCom due to the ransomware attack.

“While CompuCom has made significant progress in remediating its systems related to the malware incident, ODP nonetheless expects the downtime experienced and related impact due to the malware incident to result in a loss of revenue for the month of March, as well as incurred and accrued costs which will adversely impact the company’s financial results for the first fiscal quarter of 2021,” it said. “The company estimates the loss of revenue to be between $5 million and $8 million as a result of the incident, primarily because of CompuCom’s need to temporarily suspend certain services to certain customers.”

In addition, CompuCom expects to incur up to $20 million in expenses, with about $10 million accrued through the first quarter of 2021.

“These expense estimates are primarily related to CompuCom’s efforts to restore service delivery to impacted customers and to address certain other matters resulting from the incident,” ODP said. “The company carries insurance – including cyber insurance – which it believes to be commensurate with its size and the nature of its operations, and expects that a portion of these costs may be covered by insurance.”

CompuCom wouldn’t provide further comment on the attack.

DarkSide Gaining Notoriety

Digital Shadows’ Jamie Hart

Jamie Hart is cyber threat intelligence analyst at Digital Shadows.

“DarkSide is a ransomware as a service that has gained notoriety for its purported donations to charities, their rules for affiliates, and their professionalism within the threat landscape,” she said. “DarkSide will likely continue to conduct attacks based on their success and the recent release of DarkSide 2.0 promising faster encryption and improved features. Targeting a company such as CompuCom not only provides a ransomware group with a target, but could potentially allow the group to target customers of the organization as well. Similar to June 2019, when Sodinokibi began targeting MSPs to gain access to customers, it is realistically possible DarkSide is following suit.”

Joseph Neumann is cyber executive advisor at Coalfire.

Coalfire’s Joseph Neumann

“Speculation is that DarkSide is a group of individuals that were affiliated with other ransomware attacks and is the next evolution of this particular adversary,” he said. “Entities are going to continue using ransomware due to the quick monetization and difficulty to track using crypto exchanges. The best way to look at this is the ransom doesn’t require a bag of cash and a courier in the dark alley to get the money. It’s automated with wallet addresses and some criminals even give you directions on how to purchase crypto.”

MSPs Must Protect Themselves

MSPs should protect themselves just like any other entity, Neumann said. That includes good security fundamentals, patching, configurations, processes, policies and a good security culture.

“MSPs are no different then any other company out there that is being hit,” he said. “They all use the same type of systems and security that every company uses and are prone to human error from misconfigurations or patching. In the case of CompuCom, the damage isn’t so much from the ransomware itself, but its customers’ trust since its business assists in the monitoring and securing of its clients. These companies now have to concerned.”