SHI Hit By ‘Coordinated And Professional Malware Attack’

The IT solutions provider’s email and website knocked out of action for a while, but says customers are safe.

ARTICLE TITLE HERE

SHI International, a major provider of IT products and services around the world, confirmed on Wednesday that it a suffered a major malware attack that apparently caused various disruptions over the Fourth of July holiday weekend.

In a blog post and in a message splashed across the front page of its website, the Somerset, N.J.-based SHI said it was the target of a “coordinated and professional malware attack” during the long weekend.

“Thanks to the quick reactions of the security and IT teams at SHI, the incident was swiftly identified and measures were enacted to minimize the impact on SHI’s systems and operations,” the company said in its message.

id
unit-1659132512259
type
Sponsored post

[RELATED: SHI International Malware Attack: 5 Big Things To Know]

“These preventative measures included taking some systems, including SHI’s public websites and email, offline while the attack was investigated and the integrity of those systems was assessed. As of this morning (July 6th), SHI staff now have access to email again and the IT teams at SHI continue to work on bringing other systems back to full availability in a secure and reliable manner.”

Indeed, as of 6 p.m. ET on Wednesday, SHI’s website was still largely down, except for the simple black-and-white message alerting readers to the company’s cybersecurity mishap.

Somewhat ominously, the weekend attack comes a year after IT management software company Kaseya was attacked by the ransomware gang REvil. The cyberattack left more than 36,000 MSPs without access to Kaseya‘s flagship VSA product for at least four days

SHI said in its message that law enforcement officials have been notified of the attack.

“While the investigation into the incident is ongoing – and SHI is liaising with federal bodies including the FBI and CISA – there is no evidence to suggest that customer data was exfiltrated during the attack,” the company said. “No third-party systems in the SHI supply chain were affected.”

According to BleepingComputer.com, after the attack, SHI apparently had a message on its website warning customers that its system were undergoing maintenance due to a “sustained outage.”

But that message was later replaced with its more formal statement published on its blog and website, BleepingComputer.com reported.

A representative for SHI could not be reached for comment.

SHI is a major player in the service provider world, with the firm recently making CRN’s 2022 Managed Service Provider 500 list.

In a recent press release, SHI boasted it generated $12.3 billion in revenue in 2021, with 5,000 employees around the world in operations centers in the U.S., the United Kingdom, and the Netherlands.

The company also says it provides services to more than 15,000 corporate, enterprise, public sector, and academic customer organizations worldwide.

Paco Lebron, president and CEO of Prodigy Teks, a Chicago-based MSP, said the attack on SHI is something all MSPs dread.

“It’s kind of the reason why some people can’t sleep at night,” said Lebron. “You can’t get away from this. This (attacks) is happening all the time.”

Noting that SHI is a large MSP, Lebron, who cohosts the weekly “MSP Unplugged” podcast, said he wouldn’t be surprised to hear that the firm was targeted precisely because of its prominence in the IT world.

“When you’re targeted like this, they (attackers) have really done their research on you,” he said.

He said the incident appears to show that MSPs, which are normally vigilant about protecting their customers, sometimes need to spend more time focusing on their own security needs.