IT and telecom distributor ScanSource said Tuesday that its operations are “fully” restored, a month after the discovery of a ransomware attack that crippled key systems including much of its website.
“Today, ScanSource is fully operational across all areas of the business in all geographies,” the Greenville, S.C.-based company said in a news release Tuesday.
The ransomware attack was discovered by ScanSource May 14 and had a major impact on ScanSource systems for nearly two weeks. “The company’s core systems were restored and operations resumed on Friday, May 26,” ScanSource said in the news release Tuesday.
The remaining impacts have now been addressed, according to the company.
“We are pleased to be back to business as usual and look forward to continuing to help our partners grow their business,” said Mike Baur, ScanSource’s chairman and CEO, in the release.
The effects of the ransomware attack had impacted customers and suppliers in geographies including North America, the company had said.
After discovering the attack, ScanSource said it “immediately” began investigating while also implementing the company’s incident response plan.
ScanSource has not gone into detail on which systems were affected, but previously referred to an “impact on its employees, customers and suppliers.”
While total ransomware attacks fell in 2022 from the peak of the prior year, there has been a “substantial increase” on several barometers of ransomware activity in 2023 so far, said Mark Lance, vice president for digital forensics and incident response (DFIR) and threat intelligence at GuidePoint Security, in a previous interview with CRN.
On the whole, ransomware-focused threat actors “came out of the gates gunning” in 2023, Lance said. Ransomware activity during the first quarter of the year, for instance, was “back to rates that were more [in line with what] we saw in 2021,” he said.