The American IT firm CompuCom has emerged as the latest victim of a ransomware attack. The firm fell prey to the DarkSide ransomware, and the attack also disrupted company operations.
CompuCom Suffered Malware Attack
Reportedly, the US-based managed IT service provider CompuCom has disclosed that it suffered a cyber attack.
CompuCom is a dedicated IT MSP offering hardware and software solutions, as well as integration and support services, to its customers. The firm counts numerous big names among its clients, including Microsoft, HP, Apple, Dell, Cisco, and IBM.
As it turns out, CompuCom suffered a service disruption over the past weekend. The incident left customers unable to access the customer portal. In its press release, CompuCom attributed the disruption to a malware incident.
Certain CompuCom information technology systems have been affected by a malware incident which is affecting some of the services that we provide to certain customers.
Explaining further in the statement, the firm confirmed that it had begun an investigation into the matter with the help of cybersecurity experts.
With the investigation still in progress, CompuCom didn’t reveal any further details in the press release. It did, however, assure customers that the incident had no direct impact on their systems.
DarkSide Ransomware Suspected
While CompuCom didn’t say anything specific about the ransomware, Bleeping Computer has shared details about it. According to a ‘Customer FAQ Regarding Malware Incident’ that they obtained, CompuCom was hit by a DarkSide ransomware attack.
As revealed, the attackers first infected the target network with Cobalt Strike beacons, which allowed them to move laterally across the network. Eventually, on February 28, 2021, they deployed the ransomware that seized CompuCom systems.
As mentioned in the FAQ,
Based on our expert’s analysis to date, we understand that the attacker deployed a persistent Cobalt Strike backdoor to several systems in the environment and acquired administrative credentials. These administrative credentials were then used to deploy the Darkside Ransomware.
For now, it remains unclear whether DarkSide also stole any data files before encryption, something this ransomware’s operators commonly do.
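The attack chain described in the FAQ (a persistent Cobalt Strike backdoor on several systems, administrative credentials harvested from them, and those credentials then used to push the ransomware) leaves a recognisable trace in Windows security telemetry: one account authenticating to many hosts in a short window, followed by new services being installed on those hosts under the same account. The script below is an added illustration of that detection logic and is not CompuCom's, Bleeping Computer's, or the FAQ's own material. It runs over a small set of constructed, simplified event records (field names, host names, account names and service names are all invented for the example); the event IDs 4624 (logon) and 7045 (service installed) are real Windows event IDs, but the flattened record layout is an assumption, not the format any particular SIEM emits.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (NOT real CompuCom data): a simplified flattening
# of Windows events. event 4624 with logon_type 3 is a network logon;
# event 7045 is "a new service was installed". Hosts, users, services are invented.
SAMPLE_EVENTS = [
    {"ts": "2021-02-28T01:00:05", "event": 4624, "host": "ws01",  "user": "jdoe",      "logon_type": 3},
    {"ts": "2021-02-28T01:02:10", "event": 4624, "host": "ws01",  "user": "svc_admin", "logon_type": 3},
    {"ts": "2021-02-28T01:02:41", "event": 4624, "host": "ws02",  "user": "svc_admin", "logon_type": 3},
    {"ts": "2021-02-28T01:03:15", "event": 4624, "host": "srv01", "user": "svc_admin", "logon_type": 3},
    {"ts": "2021-02-28T01:03:50", "event": 4624, "host": "srv02", "user": "svc_admin", "logon_type": 3},
    {"ts": "2021-02-28T01:04:02", "event": 7045, "host": "srv01", "user": "svc_admin",
     "service": "SysHelper", "image": "C:\\ProgramData\\sh.exe"},
    {"ts": "2021-02-28T01:04:30", "event": 7045, "host": "srv02", "user": "svc_admin",
     "service": "SysHelper", "image": "C:\\ProgramData\\sh.exe"},
    # Benign background: an operator touching two servers hours apart.
    {"ts": "2021-02-28T03:10:00", "event": 4624, "host": "srv03", "user": "itops",     "logon_type": 3},
    {"ts": "2021-02-28T06:45:00", "event": 4624, "host": "srv04", "user": "itops",     "logon_type": 3},
    {"ts": "2021-02-28T06:50:00", "event": 7045, "host": "srv04", "user": "itops",
     "service": "BackupAgent", "image": "C:\\Program Files\\Backup\\agent.exe"},
]


def _ts(event):
    """Parse the ISO-8601 timestamp carried by a record."""
    return datetime.fromisoformat(event["ts"])


def find_fanout(events, window=timedelta(minutes=10), min_hosts=3):
    """Return {user: sorted hosts} for accounts that performed network logons
    to at least `min_hosts` distinct hosts inside any sliding `window`.

    This is the 'one set of admin credentials used everywhere at once' pattern
    that precedes mass ransomware deployment; thresholds are tuning knobs."""
    logons = defaultdict(list)
    for e in events:
        if e["event"] == 4624 and e.get("logon_type") == 3:
            logons[e["user"]].append((_ts(e), e["host"]))

    hits = {}
    for user, recs in logons.items():
        recs.sort()
        for i, (t0, _) in enumerate(recs):
            # Distinct hosts reached within `window` of this logon.
            hosts = {h for t, h in recs[i:] if t - t0 <= window}
            if len(hosts) >= min_hosts:
                hits[user] = sorted(hosts)
                break
    return hits


def correlate_service_installs(events, fanout):
    """Second stage: for each fan-out account, list new services (7045) that
    the same account installed on hosts it had just fanned out to. A service
    with the same name and an image under ProgramData appearing on many hosts
    is the kind of artefact a ransomware push leaves behind."""
    alerts = []
    for e in events:
        if e["event"] != 7045:
            continue
        hosts = fanout.get(e["user"])
        if hosts and e["host"] in hosts:
            alerts.append({"host": e["host"], "user": e["user"],
                           "service": e["service"], "image": e["image"]})
    return alerts


if __name__ == "__main__":
    fan = find_fanout(SAMPLE_EVENTS)
    for user, hosts in fan.items():
        print(f"fan-out: {user} -> {', '.join(hosts)}")
    for a in correlate_service_installs(SAMPLE_EVENTS, fan):
        print(f"service install after fan-out: {a['host']} {a['user']} {a['service']} {a['image']}")
```

On the constructed sample, `svc_admin` reaches four hosts in under two minutes and then installs the same `SysHelper` service on two of them, so both stages fire; `itops` touches two servers hours apart and stays below the threshold, and its legitimate `BackupAgent` install is never reported. In a real environment the window and host count need tuning against normal administrative activity, and the correlation stage would also be bounded in time rather than matching any later install.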