US managed service provider CompuCom has suffered a cyberattack leading to service outages and customers disconnecting from the MSP’s network to prevent the spread of malware.
CompuCom is an IT managed services provider (MSP) that provides remote support, hardware and software repair, and other technology services to companies. CompuCom is a wholly-owned subsidiary of The ODP Corporation (Office Depot/Office Max) and employs approximately 8,000 people.
Some of the past and existing customers of CompuCom include well-known names, such as Home Depot, Target, Citibank, Wells Fargo, Truist Bank, and Lowe’s.
If you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal at +16469613731 or on Wire at @lawrenceabrams-bc.
The attack occurred over the weekend
Over the weekend, CompuCom suffered an outage that prevented customers from accessing the company’s customer portal to open troubleshooting tickets.
When visiting the portal, the website greeted customers with a general error message stating, “An error occurred while processing your request.”
BleepingComputer was told that CompuCom began contacting customers to alert them that they had been compromised by malware soon after the attack. However, customers were not told what type of attack occurred and whether it was ransomware.
In later conversations with affected customers, BleepingComputer learned that CompuCom had disconnected their access to some customers to prevent the malware’s spread. Another customer told us that they had detached from CompuCom’s VDIs (Virtual Desktop Infrastructure) to ensure their data was not affected by the attack.
Multiple people also told BleepingComputer that this was a ransomware attack, but we could not confirm independently if this is true.
After reaching out to CompuCom about the attack, the company issued a statement to BleepingComputer stating that they suffered a ‘malware incident’ and that there is no evidence of it spreading to customers’ systems.
You can read the full CompuCom statement below:
“Certain CompuCom information technology systems have been affected by a malware incident which is affecting some of the services that we provide to certain customers. Our investigation is in its early stages and remains ongoing. We have no indication at this time that our customers’ systems were directly impacted by the incident.
As soon as we became aware of the situation, we immediately took steps to contain it, and engaged leading cybersecurity experts to begin an investigation. We are also communicating with customers to provide updates about the situation and the actions we are taking.
We are in the process of restoring customer services and internal operations as quickly and safely as possible. We regret the inconvenience caused by the interruption and appreciate the ongoing support of our customers.” – CompuCom
Unfortunately, based on the information BleepingComputer has received and the statement by CompuCom, the company has most likely suffered a ransomware attack.
If this turns out to be a ransomware attack, threat actors likely stole unencrypted files.