CompuCom Hit With Malware As MSPs Remain Under Siege

A recent malware attack is affecting some of the services CompuCom provides to customers, and the Office Depot subsidiary said Wednesday it’s in the process of restoring customer services and internal operations

CompuCom admitted Wednesday that a recent malware attack is affecting some of the services the Office Depot subsidiary provides to customers.

The Dallas-based business, No. 41 on the 2020 CRN Solution Provider 500, said late Wednesday that it’s in the process of restoring customer services and internal operations as quickly and safely as possible. CompuCom said there’s no indication that customers’ systems were directly impacted by the malware, but acknowledged that its investigation is still in the early stages.

“As soon as we became aware of the situation, we immediately took steps to contain it, and engaged leading cybersecurity experts to begin an investigation,” CompuCom said in a statement. “We are also communicating with customers to provide updates about the situation and the actions we are taking.”

[Related: Office Depot Open To Retail Business-only Acquisition By Staples, Is Selling CompuCom]

BleepingComputer reported late Wednesday that multiple people had told the news organization that CompuCom was hit with ransomware. CompuCom didn’t immediately respond to a CRN request for comment. If it was ransomware, CompuCom would become the fifth solution provider giant to be hit with ransomware in the past year, joining Cognizant, Conduent, DXC Technology and Tyler Technologies.

CompuCom suffered an outage over the weekend that prevented customers from accessing the solution provider stalwart’s portal to open troubleshooting tickets, according to BleepingComputer. Customers attempting to access the portal would receive a message stating “An error occurred while processing your request. We apologize for the inconvenience. Please re-submit your request,” BleepingComputer said.

The company began contacting customers soon after the attack to let them know that CompuCom had been compromised by malware, BleepingComputer reported. But customers weren’t told what type of attack occurred or whether it was ransomware, according to BleepingComputer.

CompuCom reportedly disconnected their access to some customers to stop the malware from spreading, according to BleepingComputer. One customer told BleepingComputer they had detached from CompuCom‘s Virtual Desktop Infrastructure (VDI) to ensure their data wasn’t affected by the attack.

The profile of the ransomware victims in the channel has moved upmarket. The victims are no longer the small MSP who runs IT for dentists and local law firms, but well-monied technology firms that manage the data and web traffic for the top of the Fortune 500. Despite having the resources to hire the best IT professionals and install top-notch security, these channel giants have also been rattled by ransomware.

CompuCom is a large national systems integrator that Office Depot in 2017 acquired for about $1 billion. Office Depot last reported that its CompuCom Division reported sales of $207 million in the fourth quarter of 2020, which was down 13 percent year over year because of the impact of the COVID-19 on product sales and services.

Office Depot said in January that it has already initiated the process of selling CompuCom as part of a strategic review of its businesses launched in November. The company’s board of directors said the sought-after sale of CompuCom is intended to maximize the business’ full potential and drive its future value and success.

CompuCom was for many years led by IT Hall of Fame inductee Jim Dixon. Under Dixon’s leadership from 1988 to 1996 and again from 2004 to 2013, the company evolved from selling PCs in retail stores into a $2.2 billion behemoth that derived more than half of its revenue and three-quarters of its gross margins from IT outsourcing and services.

But things have been far less stable at CompuCom over the past decade. The revolving door started in May 2013, when Dixon stepped out of the CEO role and was replaced by division leader Tony Doye. Doye left CompuCom in August 2014, prompting Dixon to step back into the CEO slot on an interim basis.

In February 2015, following a six-month search, Don Doctor, who joined CompuCom’s board in May 2013 and had spent several years as CEO of data center maintenance company SMS beginning in 2006, replaced Dixon as CompuCom’s leader. Then in late 2016, Dan Stone was promoted to the CEO role, and became president of the company after CompuCom was acquired by Office Depot.

In June 2018, Stone resigned to “pursue other interests” and was replaced on an interim basis by Greg Hoogerland, the company’s current chief customer officer. Hoogerland was replaced a year later by Mick Slattery, CompuCom’s current president, who joined the company in June 2019 after a brief stint at Conduent and many years at Avanade.