The Clop ransomware attacked the German Software AG company

The ransomware attacked Software AG
Written by Emma Davis

In early October 2020, The Clop ransomware operators attacked the German IT company Software AG and demanded a ransom about $23,000,000 (2,083,0069 BTC).

ZDNet journalists report that the attack took place on October 3, 2020. That time the attackers encrypted the company’s files and switched to blackmail.

Last weekend, following the collapse of negotiations, The Clop’s operators posted screenshots of the data stolen from the company on their darknet site. Let me remind you that a similar strategy appeared in various ransomware campaigns this year.

The screenshots posted by the cybercriminals show scans of passports and other employee IDs, their emails, financial documents and various directories from the company’s internal network.

The ransomware attacked Software AG
Software AG representatives admit that the company suffered “from a malware attack.” At first, the company said that the operation of all services, including cloud services, remained unchanged, and customer data was not affected.

However, this statement was revised in a later press release: two days later, Software AG admitted that the hackers still managed to steal the data.

Today, Software AG has obtained first evidence that data was downloaded from Software AG’s servers and employee notebooks. There are still no indications for services to the customers, including the cloud-based services, being disrupted. Software AG is further investigating the incident and is doing everything in its power to contain the data leak and to resolve the ongoing disruption of its internal systems, in particular to restart its internal systems as soon as possible which had been shut down for security reasons.said in the company’s press release.

A copy of the ransomware binary used against Software AG discovered cybersecurity researcher MalwareHunterTeam last week. Reporters and a researcher emphasize that the $23 million ransom demanded by hackers is one of the largest in history.

The special ID provided by the cybercriminals in the ransomware message allowed researchers to view an online chat on the hackers’ site, in which The Clop’s operators planned to negotiate with representatives of Software AG.

Based on the chat logs, no negotiations were held and the German company did not pay the ransom.said MalwareHunterTeam researchers.

Software AG is engaged in software development and has existed since 1969. The company has more than 5,000 employees and Software AG has offices in 70 countries.

Software AG’s client list includes government, banking, transportation, insurance, retail and many others. Among them: Airbus, Lufthansa, DHL, Telefonica, Credit Suisse and Continental.

Let me also remind you that the crimes of ransomware operators have already gone beyond the purely financial framework. Recently happened the first death due to ransomware attack: German hospital patient dies.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply