Clop ransomware hits Software AG, demands $20 million+ ransom

 hackread.com  10/10/2020 19:42:25 

Software AG, a German tech giant had its helpdesk and internal communication systems discrupted after Clop ransomware attack.

Over the weekend, Germany’s second-largest tech firm Software AG suffered a ransomware attack. The company had to shut down many of its internal systems. Allegedly, the attackers took company data and demanded over $20 million (17 million) in ransom.

According to the company, its cloud offerings weren’t affected; however, its internal communications and helpdesk went offline and haven’t recovered fully as yet.

See: Clop ransomware group leak pharmaceutical giant’s data on dark web

Software AG is one of the world’s leading software firms with over 10,000 enterprise customers in 70 countries, including Fujitsu, Vodafone, Airbus, and Telefonica. The company’s product portfolio includes business infrastructure software such as enterprise service bus (ESB) frameworks, database systems, business process management systems (BPMS), and software architecture (SOA).

Hackread.com can confirm that the Clop ransomware group is responsible for breaching Software AG’s internal network which happened on October 3rd. The attackers are claiming to steal company’s data and demandeding ransom in exchange for the decryption key.

In a press release on October 5th, Software AG wrote that:

The IT infrastructure of Software AG is affected by a malware attack since the evening of 3 October 2020. While services to its customers, including its cloud-based services, remain unaffected, as a result, Software AG has shut down the internal systems in a controlled manner in accordance with the company’s internal security regulations. The company is in the process of restoring its systems and data in order to resume orderly operation. However, helpdesk services and internal communication at Software AG are currently still being affected.

As of now, the attackers have leaked several screenshots taken from the stolen Software AG’s data. These screenshots show company’s financial documents, employee ID scans and passport, employee emails, and internal network directories.

German tech giant Software AG suffers ransomware attack

One of the folders and passport files leaked by the Clop ransomware group on its official website.

In October 8th press release, the company acknolweged that its data was downloaded by attackers.

Today, Software AG has obtained first evidence that data was downloaded from Software AG’s servers and employee notebooks. There are still no indications for services to the customers, including the cloud-based services, being disrupted. The company is refining its operations and internal processes continuously. Software AG is further investigating the incident and is doing everything in its power to contain the data leak and to resolve the ongoing disruption of its internal systems, in particular to restart its internal systems as soon as possible which had been shut down for security reasons.

As per the analysis of MalwareHunterTeam, the Clop gang took approx. one terabyte of data from the tech firm. They also posted an alleged ransom note that they claim was sent to Software AG from the Clop ransomware group.

German tech giant Software AG suffers ransomware attack

Clp ransomware gang’s ransom note for Software AG – Image credit: MalwareHunterTeam on Twitter

The clop gang has been targeting enterprises since 2019. Its key targets are companies in the US, Europe (espicially Germany), India, Russia, Mexico, and Turkey. The complete list of Clop ransomware’s victims is available below:

INRIX
Polyvlies
IndiaBulls
Hoedlmayr
ExecuPharm
NETZSCH Group
PlanatolPlanatol
ProMinent GmbH
Recreativos Franco
MVTec Software GmbH
NFT Distribution Holdings Ltd
Prettl Produktions Holding GmbH
IHI Charging Systems International
Technische Werke Ludwigshafen AG (TWL)

Did you enjoy reading this article? Do like our page onFacebookand follow us onTwitter.

« Go back

Top news today

Disneyland to reimagine Jungle Cruise ride following years of criticism 01/26/2021 03:17:02
Pau Gasol, Kobe Bryant and the bond of brothers - ESPN 01/25/2021 12:00:07
The viral meme of Bernie Sanders has been made into a crocheted doll, and it's now being auctioned for charity 01/26/2021 02:46:53
South Korea has used AI to bring a dead superstar's voice back to the stage 01/26/2021 02:34:40
Apple VP Dan Riccio to focus on ‘new project’ and step down as leader of hardware engineering 01/25/2021 23:48:00
Biden suggests US will get to 1.5 million vaccinations a day 01/01/2021 00:00:00
A Disney World ticket booker alerted police to a domestic violence victim after taking their call 01/26/2021 05:10:46
Sarah Sanders' run for Arkansas governor to test value of ties to Trump 01/26/2021 02:43:31
Biden's Justice Department investigates ITSELF over whether any employees tried to help Trump overturn election result 01/25/2021 21:41:17
Ex-Trump press sec. Huckabee Sanders announces run for Arkansas governor, pledges to defend against ‘radical left’ in DC 01/25/2021 13:58:31
An American Sign Language interpreter will now appear at all White House press briefings 01/26/2021 00:57:17
McConnell allows Senate power-sharing deal to advance after fight with Democrats over filibuster 01/26/2021 03:38:10
Keira Knightley will no longer strip down for male-directed sex scenes 01/25/2021 20:43:06
Covid-19 masks: Which mask is best for you, and when to use it 01/26/2021 00:53:31
Facebook bungling the WhatsApp privacy update drives people back to... ICQ 01/25/2021 12:42:00