Global information services giant Wolters Kluwer has taken many of its applications and platforms offline after discovering malware on its systems.
The Netherlands-based company started seeing what it described as “technical anomalies” on May 6. This triggered an investigation that led to the discovery of malware.
“With this action, we aimed to quickly limit the impact this malware could have had, giving us the opportunity to investigate the issue with assistance from third-party forensics consultants and work on a solution. Unfortunately, this impacted our communication channels and limited our ability to share updates,” Wolters Kluwer stated on Wednesday.
The company said it found no evidence that customer data had been accessed or stolen, and there was no indication that its solutions had been leveraged to infect customers with malware.
Wolters Kluwer is a provider of professional information, software, and services for the healthcare, legal, financial and regulatory sectors. The company has customers in nearly every country around the world and last year it reported annual revenues of €4.3 billion ($4.8 billion).
One of the most impacted units of Wolters Kluwer appears to be CCH, which provides software and information services for accounting, tax, and audit workers. Many users have complained on social media about not being able to access CCH websites and cloud-stored tax data.
Security blogger Brian Krebs said he informed CCH on May 3 that directories containing new versions of its software had been configured to allow anyone to write files to them. Krebs said he had spotted “a few odd PHP and text files” in those folders.
Wolters Kluwer has not shared any information about the malware it detected on its systems. However, according to some reports, the incident involved MegaCortex, a piece of ransomware that has been increasingly used to target enterprises.
Sophos reported recently that a spike in MegaCortex attacks has been observed since May 1. The attacks targeted organizations around the world, including in Italy, the U.S., Canada, the Netherlands, Ireland and France.
Wolters Kluwer has started restoring its online services, but some of them continue to be offline.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
