Software AG Hit by Data-Stealing Ransomware Attack

A major German enterprise software company has become the latest tech name to suffer a likely ransomware attack featuring information theft.

IoT specialist Software AG, which claims to have over 10,000 customers and annual revenue exceeding €800m, revealed the news in a brief update late last week.

The note claimed the attack had been ongoing since Monday and had yet to be fully contained.

“Today, Software AG has obtained first evidence that data was downloaded from Software AG’s servers and employee notebooks. There are still no indications for services to the customers, including the cloud-based services, being disrupted. The company is refining its operations and internal processes continuously,” it explained on October 8.

“Software AG is further investigating the incident and is doing everything in its power to contain the data leak and to resolve the ongoing disruption of its internal systems, in particular to restart its internal systems as soon as possible which had been shut down for security reasons.”

Although the firm’s website appears to be up and running as normal, it is requesting users with support issues to email their problem and leave a number for call back, “due to technical issues with our online support system.”

Researchers MalwareHunterTeam posted on social media that the firm had been hit by the Clop variant, one which usually demands a ransom of $20 million. The group apparently claims to have swiped around a terabyte of data.

The incident is yet another sign of ransomware groups increasingly going after large enterprise targets with deep pockets. They will often perform detailed reconnaissance before striking in advanced multi-stage attacks using APT-style tactics to stay hidden while exfiltrating data and finally deploying the ransomware.

An attack on IT services giant Cognizant cost the firm an estimated $50-70m in Q2 2020, it admitted earlier this year.

What’s Hot on Infosecurity Magazine?