ScanSource ‘Has Resumed’ Operations After Ransomware Attack
ScanSource tells CRN that after “tireless work,” the company has now resumed regular business operations after being hit by a ransomware attack more than two weeks ago.
ScanSource’s official homepage was back online as of Tuesday.
The IT services and telecom distributor confirmed on May 16 that it had been hit by a ransomware attack that created issues with some of ScanSource’s basic digital systems, including its website, which impacted customers and suppliers in North America.
“As a result of the diligent and tireless work of our teams, ScanSource has resumed business operations,” said a ScanSource spokesperson in an email to CRN.
Furthermore, the Greenville, S.C.-based company said it was “excited” to be serving its channel partners once again.
“We are excited to be back serving our channel partners and helping to grow their businesses. Thank you to our partners and suppliers for their patience and support,” ScanSource said.
ScanSource Ransomware Attack
ScanSource is a global tech distributor that connects devices to the cloud for customers across hardware, SaaS, connectivity and cloud computing.
On May 16, ScanSource sent out a release explaining that it was subject to a ransomware attack, which was initially discovered by the company on May 14. The ransomware attack impacted employees, customers and suppliers for several days. The company pointed to North America and Brazil as among the affected geographies.
ScanSource immediately began investigating the attack while also implementing its incident response plan.
“ScanSource is actively managing the incident and is taking steps toward remediation,” said ScanSource in a statement on May 16. “The Company is working closely with forensic and cybersecurity experts to investigate the extent of the incident, minimize disruption and mitigate the situation. ScanSource has notified law enforcement authorities.”
ScanSource isn’t the first major player in the channel to become the victim of a significant cyberattack.
In July 2022, IT solution provider powerhouse SHI International confirmed it was hit by a “coordinated and professional malware attack” over the Fourth of July holiday weekend. More than a week after the attack, SHI International said that the “vast majority” of its internal and external-facing systems were fully operational.
In late July 2021, Accenture suffered a cyberattack that utilized the LockBit ransomware. After containing the incident and isolating impacted servers Accenture was able to fully restored its affected servers from back up.