Information Services Giant Wolters Kluwer Hit by Malware Attack

Global information services giant Wolters Kluwer has taken many of its applications and platforms offline after discovering malware on its systems.

The Netherlands-based company started seeing what it described as “technical anomalies” on May 6. This triggered an investigation that led to the discovery of malware.

“With this action, we aimed to quickly limit the impact this malware could have had, giving us the opportunity to investigate the issue with assistance from third-party forensics consultants and work on a solution. Unfortunately, this impacted our communication channels and limited our ability to share updates,” Wolters Kluwer stated on Wednesday.

The company said it found no evidence that customer data had been accessed or stolen, and there was no indication that its solutions had been leveraged to infect customers with malware.

Wolters Kluwer is a provider of professional information, software, and services for the healthcare, legal, financial and regulatory sectors. The company has customers in nearly every country around the world and last year it reported annual revenues of €4.3 billion ($4.8 billion).

One of the most impacted units of Wolters Kluwer appears to be CCH, which provides software and information services for accounting, tax, and audit workers. Many users have complained on social media about not being able to access CCH websites and cloud-stored tax data.

Security blogger Brian Krebs said he informed CCH on May 3 that directories containing new versions of its software had been configured to allow anyone to write files to them. Krebs said he had spotted “a few odd PHP and text files” in those folders.

Wolters Kluwer has not shared any information about the malware it detected on its systems. However, according to some reports, the incident involved MegaCortex, a piece of ransomware that has been increasingly used to target enterprises.

Sophos reported recently that a spike in MegaCortex attacks has been observed since May 1. The attacks targeted organizations around the world, including in Italy, the U.S., Canada, the Netherlands, Ireland and France.

Wolters Kluwer has started restoring its online services, but some of them continue to be offline.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.