Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Ransomware Group Claims Attack on Constellation Software

The Alphv/BlackCat ransomware group claims to have stolen more than 1TB of data from Constellation Software.

The Alphv/BlackCat ransomware group has claimed responsibility for a cyberattack that Canadian software company Constellation Software disclosed last week.

Toronto-based Constellation Software is a company specialized in the acquisition of vertical market software firms. With a few notable exceptions, the company’s acquisitions have been small, of less than $5 million in value.

On May 4, Constellation Software revealed that it fell victim to a cyberattack that impacted “a limited number of its IT infrastructure systems”. The attack occurred on April 3, 2023.

The compromised systems were “related to internal financial reporting and related data storage by the operating groups and businesses of Constellation”, the company says in an incident notice on its website.

According to the software giant, the attack did not impact the IT systems of its operating groups and businesses and did not affect its business operations.

“The incident has since been contained, and impacted systems have now been restored,” Constellation notes.

The company says that a limited amount of personal information was compromised during the incident, along with a limited amount of business partner data.

Advertisement. Scroll to continue reading.

While Constellation Software did not say what type of cyberattack, the Alphv/BlackCat ransomware gang last week posted on its leak site an entry about the incident, claiming to have stolen over one terabyte of data from the company.

Claiming to have had access to Constellation Software’s network for a long period of time, the attackers published a series of screenshots depicting documents allegedly stolen during the attack.

What is unclear yet, however, is whether Constellation Software detected the attack before file-encrypting ransomware was executed on its systems.

The company has not shared information on the number of potentially impacted individuals either.

SecurityWeek has emailed Constellation Software for additional details on the incident and will update this article as soon as a reply arrives.

Related: Western Digital Confirms Ransomware Group Stole Customer Information

Related: RTM Locker Ransomware Variant Targeting ESXi Servers

Related: Microsoft: Cl0p Ransomware Exploited PaperCut Vulnerabilities Since April 13

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.


The City of Oakland has disclosed a ransomware attack that impacted several non-emergency systems.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.


The personal and health information of more than 3.3 million individuals was stolen in a ransomware attack at Regal Medical Group.