Why ScanSource’s Stock Price Is Up After Ransomware Attack
Ransomware attacks no longer have the immediate ‘shock and awe’ they once did. But there are still a lot of unknowns about the full impacts of the attack against the IT distributor.
Following a ransomware attack against ScanSource that appears to have crippled digital systems including much of its website, shareholders in the publicly traded IT distributor could not have been less fazed.
Not only has ScanSource’s stock price averted taking a hit following the Tuesday disclosure of the attack, but shares in the company have actually gone up.
ScanSource (Nasdaq: SCSC) has seen its stock price climb during regular trading on both of the days since the ransomware incident was made public — rising 1 percent on Wednesday and another 3 percent on Thursday, closing at $29.58 a share during regular trading Thursday.
It’s pretty clear why the incident hasn’t hurt ScanSource’s stock price, according to Paul Furtado, a vice president and analyst at Gartner. In and of itself, ransomware “doesn’t have the shock and awe that it used to,” Furtado told CRN.
As just one barometer of the prevalence of the issue, 73 percent of surveyed organizations acknowledged being the victim of a successful ransomware attack in 2022 alone, according to a Barracuda Networks report.
In the past, Furtado said he closely tracked the impact of ransomware events on victim companies’ stock prices. But he stopped doing that around late 2021, once it became apparent that ransomware either was having no affect on stock prices, or the impact was short-lived.
“It no longer is necessarily the black mark on a business, simply because they’ve been through a cyber event,” he said.
In ScanSource’s case, another possible factor at play here is that the company has been “fairly public” about the incident, according to Steve Povolny, director of security research at cybersecurity vendor Exabeam.
ScanSource issued a press release disclosing the attack after the stock market closed on Tuesday, which was two days after the company says it discovered the incident.
“They’ve given some details on it. You don’t want to give too much too early. But I think that’s a real positive here,” Povolny said.
By contrast, following the disclosure by hacker group Lapsus$ last year that it had breached a third-party service provider used by Okta, shareholders punished the company for not disclosing the incident first.
ScanSource’s stock price may also be benefitting from the fact that this attack was announced during a week when the Nasdaq Composite, which the company is included in, has been rallying.
The Nasdaq Composite rose 0.8 percent on Wednesday and then gained 1.5 percent on Thursday, reaching a nearly nine-month high amid optimism about debt-ceiling negotiations, according to MarketWatch.
At the same time, there are still many unknowns about the full extent of the impacts from the ScanSource ransomware attack. The company’s statement is that the attack has “impacted some of its systems,” and that the effects have been felt by “employees, customers and suppliers” in geographies including North America.
ScanSource is “working diligently to bring affected systems back online, while also mitigating the impact on its business,” the company said in the statement Tuesday, adding that it “regrets any inconvenience or delays in business this may cause customers and suppliers in North America and Brazil.”
ScanSource told CRN that it had no further information to share on Wednesday, and did not immediately respond to an email Thursday. Besides the company’s scaled-back homepage at scansource.com, other pages on the website viewed by CRN continued to display a “404: Not Found” message on Thursday.
Still unknown are details such as the initial entry point for the attacker, the full extent of the ScanSource systems that have been impacted and whether any data — including customer data — was stolen during the attack.
Notably, many ransomware incidents do now include data theft as a component of the attack, often as an added extortion method for an attacker. Ransomware response firm Coveware, for instance, reported in mid-2022 that 86 percent of its ransomware cases at the time included a threat that stolen data could be leaked.
Details about the perpetrator of the ScanSource attack and any possible ransom demand have also not been revealed so far.
Clock Is Ticking
It’s typical and expected for an organization hit with a highly disruptive cyberattack to prioritize restoring its systems and investigating the incident — and to only disclose details about root cause and potential data impacts later on, according to tech industry veteran Zane Bond.
In some cases, disclosing incomplete information early on could end up causing problems for a company down the road, while sharing certain details might actually pose a security risk itself, said Bond, who is currently head of product at cybersecurity vendor Keeper Security.
But inevitably, ScanSource will be expected to provide additional information. And depending on what that info turns out to be, “that can affect the shareholder pricing over time,” he said.
Ultimately, “the details of the breach are more important than the breach itself,” Bond said.
Shareholders may also become unhappy if it seems to take too long for more information to be released, according to Neal Dennis of threat intelligence firm Cyware.
“If they don’t give an update on what they’ve done mitigation-wise — or what the actual doorway was to this problem — if we don’t get some of that, then I think people in general start getting a little concerned,” said Dennis, a threat intelligence specialist at the company. “I think there will be a timeframe where some kind of public [disclosure] is required on the ‘how’ of what happened.”