iTWire contacted the company on Wednesday and received an acknowledgement that the inquiry, submitted through an online form on its website, had been received. There has been no reply.
DXP had annual revenue of US$1.27 billion (A$1.75 billion) in 2019, according to the MarketWatch website, with gross profit coming in at US$347.22 million. Its corporate office is in Houston, Texas.
The company has been in business since 1908. It was founded as Southern Engine and Pump Company, then rechartered as Sepco Industries and assumed its current name in 1996.
The people behind REvil, which is also known as Sodinokibi, make a ransom demand and then wait to hear from the victim. If the ransom is not paid, then some of the data that has been pilfered during the attack is published.
If a REvil victim is not persuaded by this, then more data is made public. REvil also posts data on underground forums for other miscreants to pick up and use for their own nefarious purposes.
The ransomware is able to exploit a 2018 Windows vulnerability to elevate privileges, a flaw that Microsoft rates as important.
Contacted for comment, iTWire's regular commentator on ransomware, Brett Callow, said: "Ransomware groups frequently exfiltrate .pst files. This puts any organisation which has had dealings with the target company at significant risk, as the actors have everything they need to go on a spearphishing spree.
"And those phishing emails can be very convincing, perhaps even appearing to be replies to existing message threads."
Callow, who works as a ransomware threat analyst with New Zealand-headquartered security shop Emsisoft, added: "In these circumstances, it's critically important that that potentially at-risk parties be notified of the breach so that they can be on high alert."