Enterprise Solutions Provider ‘Software AG’ Hit by Clop Ransomware

German enterprise solutions giant Software AG revealed last week that it had been targeted by cybercriminals with the Clop ransomware.

Software AG operates across more than 70 countries around the world and it has over 5,000 employees. It claims that its solutions are used by more than 10,000 of the world’s biggest brands.

The company disclosed the incident on October 5, when it reported being hit by a malware attack on October 3. Software AG said at the time that it had shut down some internal systems in response to the breach.

The company said its helpdesk services and internal communications were impacted, but claimed that cloud-based services were not affected and that it found no evidence of customer information being compromised.

However, in an update shared on October 8, the company said the malware had not been fully contained and it had found evidence that the attackers did in fact download data from servers and employee notebooks.

Researchers at MalwareHunterTeam said on Saturday that the attack involved the Clop ransomware, and they noticed what appeared to be a new feature — the use of wevtutil.exe to clear event logs. They also noted that the sample that hit Software AG checked for the presence of McAfee software and attempted to uninstall it, but it’s unclear if the attackers somehow learned that the target was using McAfee products or if this functionality was added to the malware for a different target.
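For defenders, log clearing with wevtutil.exe is visible in process-creation telemetry. The following detection sketch is an added example, not code from the article or the researchers: it assumes the documented `cl`/`clear-log` subcommand (the sample's exact command line is not given here), and the event records, host names and the threshold of three logs are constructed for illustration.

```python
import re
import shlex
from collections import defaultdict

# Constructed process-creation records (host, command line), in the shape of
# Windows Security 4688 / Sysmon Event ID 1 data. Not taken from the incident.
SAMPLE_EVENTS = [
    ("WS-014", r"C:\Windows\System32\wevtutil.exe cl Security"),
    ("WS-014", r'"C:\Windows\System32\wevtutil.exe" clear-log System'),
    ("WS-014", r"wevtutil CL Application"),
    ("SRV-02", r"wevtutil.exe cl Setup /bu:D:\backup\setup.evtx"),
    ("SRV-02", r"wevtutil.exe el"),                      # enumerate logs: benign
    ("WS-020", r"C:\Tools\notwevtutil.exe cl Security"),  # different image name
]

CLEAR_SUBCOMMANDS = {"cl", "clear-log"}
# Match the image name only as a whole path component, with or without .exe.
IMAGE_RE = re.compile(r"(?:^|[\\/])wevtutil(?:\.exe)?$", re.IGNORECASE)

def parse_clear(cmdline):
    """Return (log_name, has_backup) if cmdline is a wevtutil log clear, else None."""
    try:
        # posix=False keeps backslashes in Windows paths intact.
        argv = [a.strip('"') for a in shlex.split(cmdline, posix=False)]
    except ValueError:
        return None
    if len(argv) < 3 or not IMAGE_RE.search(argv[0]):
        return None
    if argv[1].lower() not in CLEAR_SUBCOMMANDS:
        return None
    has_backup = any(a.lower().startswith(("/bu:", "/backup:")) for a in argv[3:])
    return argv[2], has_backup

def triage(events, mass_threshold=3):
    """Group clears per host; several distinct logs cleared without backup is 'high'."""
    per_host = defaultdict(list)
    for host, cmdline in events:
        hit = parse_clear(cmdline)
        if hit:
            per_host[host].append(hit)
    findings = {}
    for host, hits in per_host.items():
        unbacked = {log.lower() for log, has_backup in hits if not has_backup}
        findings[host] = "high" if len(unbacked) >= mass_threshold else "review"
    return findings

if __name__ == "__main__":
    for host, severity in triage(SAMPLE_EVENTS).items():
        print(host, severity)
```

This only works if process-creation events are forwarded off the host before the local logs are cleared. Windows also records Event ID 1102 (Security log cleared) and Event ID 104 (System log), which can be alerted on alongside it.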

The Clop group's Tor-hosted leak website, where it publishes data stolen from victims that refuse to pay the ransom, claims that the first part of the stolen files will be made public soon.

Screenshots posted by the hackers show that they have obtained tens of gigabytes of data representing more than one million files. They appear to have obtained passport copies, invoices, and emails.

Bleeping Computer has learned from the Clop payment page associated with Software AG that the attackers have asked for more than 2,000 bitcoin, which is roughly $23 million.

SecurityWeek has reached out to Software AG for confirmation of the ransom demand and will update this article if the company responds.

The Clop ransomware is also known to have targeted the University of Maastricht in the Netherlands, which revealed earlier this year that it had paid a $240,000 ransom in response to the attack.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
