{
	"id": "8a38a2a9-cfd6-4864-9f6a-71abdc230484",
	"created_at": "2026-04-06T00:07:02.85799Z",
	"updated_at": "2026-04-10T13:13:05.077475Z",
	"deleted_at": null,
	"sha1_hash": "bb94fd46593257267d199d7c0e1ec0228cdb5406",
	"title": "CompuCom MSP hit by DarkSide ransomware cyberattack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1996850,
	"plain_text": "CompuCom MSP hit by DarkSide ransomware cyberattack\r\nBy Lawrence Abrams\r\nPublished: 2021-03-04 · Archived: 2026-04-05 17:24:33 UTC\r\nUpdate 3/4/21: This article was originally published on 3/3/21 and has been updated with new info.\r\nUS managed service provider CompuCom has suffered a DarkSide ransomware attack leading to service outages and\r\ncustomers disconnecting from the MSP's network to prevent the spread of malware.\r\nCompuCom is an IT managed services provider (MSP) that provides remote support, hardware and software repair, and\r\nother technology services to companies. CompuCom is a wholly-owned subsidiary of The ODP Corporation (Office\r\nDepot/Office Max) and employs approximately 8,000 people.\r\nhttps://www.bleepingcomputer.com/news/security/compucom-msp-hit-by-darkside-ransomware-cyberattack/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/compucom-msp-hit-by-darkside-ransomware-cyberattack/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nSome of the past and existing customers of CompuCom include well-known names, such as Home Depot, Target, Citibank,\r\nWells Fargo, Truist Bank, and Lowe's.\r\nIf you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal\r\nat +16469613731 or on Wire at @lawrenceabrams-bc.\r\nThe attack occurred over the weekend\r\nOver the weekend, CompuCom suffered an outage that prevented customers from accessing the company's customer portal\r\nto open troubleshooting tickets.\r\nWhen visiting the portal, the website greeted customers with a general error message stating, \"An error occurred while\r\nprocessing your request.\"\r\nError message on CompuCom client portal\r\nBleepingComputer was told that CompuCom began contacting customers to alert them that they had been compromised by\r\nmalware soon after the attack. However, customers were not told what type of attack occurred and whether it was\r\nransomware.\r\nIn later conversations with affected customers, BleepingComputer learned that CompuCom had disconnected their access to\r\nsome customers to prevent the malware's spread. Another customer told us that they had detached from CompuCom's VDIs\r\n(Virtual Desktop Infrastructure) to ensure their data was not affected by the attack.\r\nMultiple people also told BleepingComputer that this was a ransomware attack, but we could not confirm independently if\r\nthis is true.\r\nAfter reaching out to CompuCom about the attack, the company issued a statement to BleepingComputer stating that they\r\nsuffered a 'malware incident' and that there is no evidence of it spreading to customers' systems.\r\nYou can read the full CompuCom statement below:\r\n\"Certain CompuCom information technology systems have been affected by a malware incident which is\r\naffecting some of the services that we provide to certain customers. Our investigation is in its early stages and\r\nremains ongoing. We have no indication at this time that our customers' systems were directly impacted by the\r\nincident. \r\nAs soon as we became aware of the situation, we immediately took steps to contain it, and engaged leading\r\ncybersecurity experts to begin an investigation. We are also communicating with customers to provide updates\r\nabout the situation and the actions we are taking. \r\nhttps://www.bleepingcomputer.com/news/security/compucom-msp-hit-by-darkside-ransomware-cyberattack/\r\nPage 3 of 5\n\nWe are in the process of restoring customer services and internal operations as quickly and safely as possible. We\r\nregret the inconvenience caused by the interruption and appreciate the ongoing support of our customers.\" -\r\nCompuCom\r\nCompuCom confirms ransomware attack in FAQ\r\nToday, a CompuCom customer shared a 'Customer FAQ Regarding Malware Incident' that provides more details about the\r\nattack than the company shared in their press release.\r\nAccording to the FAQ, CompuCom was breached by threat actors who installed Cobalt Strike beacons on several systems in\r\ntheir environment. \r\nThese beacons allow remote threat actors access to the network to steal data, spread to other machines, and ultimately\r\ndeploy the ransomware, which the threat actors deployed on February 28th.\r\n\"Based on our expert's analysis to date, we understand that the attacker deployed a persistent Cobalt Strike backdoor to\r\nseveral systems in the environment and acquired administrative credentials. These administrative credentials were then used\r\nto deploy the Darkside Ransomware,\" the CompuCom FAQ reads.\r\nCobalt Strike is increasingly being deployed through a variety of Trojans installed via phishing campaigns. These Trojans\r\ninclude BazarLoader, TrickBot, ZLoader, and QBot.\r\nNow that DarkSide Ransomware has been confirmed to be behind the attack, it is likely that the threat actors harvested\r\nunencrypted files before encrypting the devices.\r\nIf data was stolen and a ransom is not paid, we will likely see this data published on their ransomware data leak site in the\r\nnext few weeks.\r\nIn the past, other companies hit by DarkSide include Discount Car and Truck Rentals, Brookfield Residential, and the\r\nBrazilian Eletrobras and Copel energy companies.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nhttps://www.bleepingcomputer.com/news/security/compucom-msp-hit-by-darkside-ransomware-cyberattack/\r\nPage 4 of 5\n\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/compucom-msp-hit-by-darkside-ransomware-cyberattack/\r\nhttps://www.bleepingcomputer.com/news/security/compucom-msp-hit-by-darkside-ransomware-cyberattack/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/compucom-msp-hit-by-darkside-ransomware-cyberattack/"
	],
	"report_names": [
		"compucom-msp-hit-by-darkside-ransomware-cyberattack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434022,
	"ts_updated_at": 1775826785,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bb94fd46593257267d199d7c0e1ec0228cdb5406.pdf",
		"text": "https://archive.orkl.eu/bb94fd46593257267d199d7c0e1ec0228cdb5406.txt",
		"img": "https://archive.orkl.eu/bb94fd46593257267d199d7c0e1ec0228cdb5406.jpg"
	}
}