CompuCom Systems, a company in the field of IT management, has officially confirmed that hackers infiltrated its servers and installed a Cobalt Strike backdoor, which later allowed them to steal information related to administrative credentials. Those login details were then used to install DarkSide ransomware, which locked the database against further access.
Highly placed sources say that the infiltration could have taken place in November last year, when hackers installed a backdoor that was also used to test the cyber defenses against various advanced cyber attacks.
Bleeping Computer, which was the first to report the news about DarkSide ransomware, says that CompuCom customers suffered an outage on the weekend, when they could not open troubleshooting tickets on the company website because it was showing a ‘processing request’ error.
Because those spreading DarkSide malware usually steal data first and then encrypt files, there is a 99% possibility that a certain portion of the data on CompuCom servers could have been stolen before being encrypted.
If the data available from the past 6-8 months is taken into account, CompuCom is the 5th solution provider to suffer a ransomware attack, following Cognizant, Conduent, DXC Technology and Tyler Technologies.
Note: The gang spreading DarkSide ransomware started its operations in Aug 2020 and has pledged that it will never attack organizations involved in COVID-19 vaccines or medicines, hospitals, educational institutes, and federal entities. Its style of attack resembles that of Robin Hood, with targets chosen based on their financial ability to pay the ransom and recover.