American managed service provider CompuCom is expecting losses of over $20 million following this month’s DarkSide ransomware attack that took down most of its systems.
CompuCom is an IT managed services provider (MSP) and a wholly-owned subsidiary of The ODP Corporation (Office Depot/Office Max).
The MSP’s workforce of over 8,000 employees provides hardware and software repair, remote support, and other tech services to high-profile companies, including Citibank, Home Depot, Wells Fargo, Target, Trust Bank, and Lowe’s.
Some expenses to be covered by cyber insurance
“The Company estimates the loss of revenue to be between $5.0 million and $8.0 million as a result of the incident (primarily because of CompuCom’s need to temporarily suspend certain services to certain customers),” CompuCom’s parent company, ODP Corporation, revealed on Friday.
“In addition, the Company expects to incur expenses of up to $20 million, of which the Company assumes approximately $10 million will be accrued through the first quarter of 2021.”
The expenses are mainly related to the company’s ongoing efforts to restore impacted systems and services, as well as “to address certain other matters resulting from the incident.”
CompuCom also expects that a share of the expenses incurred after the ransomware attack will be covered by cyber insurance.
“The Company carries insurance, including cyber insurance, which it believes to be commensurate with its size and the nature of its operations and expects that a portion of these costs may be covered by insurance,” ODP Corporation added.
The MSP is still working on restoring service delivery to customers since the ransomware hit its network and expects to “have service delivery restored to substantially all of its customers” by the end of March.
Ransomware deployed using Cobalt Strike beacons
After discovering that DarkSide ransomware’s operators had started encrypting CompuCom’s systems, the MSP disconnected its access to some customers to block the malware from spreading.
The company also notified the customers that they were compromised by malware soon after the attack, but didn’t share any info about a possible ransomware attack.
After going through the first stages of the incident’s investigation, CompuCom reached out to customers with a ‘Customer FAQ Regarding Malware Incident’ containing additional details.
According to the FAQ, the threat actors installed Cobalt Strike beacons on several systems in CompuCom’s environment, beacons that allowed them to steal data, spread to other network devices, and eventually deploy the ransomware payloads on February 28.
DarkSide ransomware has hit other organizations in the past, including the Brazilian Eletrobras and Copel energy companies, Discount Car and Truck Rentals, and Brookfield Residential.