German software giant Software AG has become the latest victim of a ransomware attack this year after having a number of its files encrypted and stolen.
The company was hit by a known ransomware gang known as ‘Clop’ – the hackers accessed a Software AG internal network before encrypting and copying files. The affected files so far revealed include employee passport and ID scans, employee emails, financial documents, and directories from the company’s network.
It is unclear if the company’s customer data were included in the attack. Software AG’s products are used by over 10,000 businesses, including Airbus, Lufthansa, Credit Suisse and the US House of Representatives.
A representative of Clop claimed the group had stolen around a terabyte of data.
The breach took place over the weekend of October 3. The company revealed the hack on October 5 when it said its internal network was being disrupted by a malware attack. On the same day, Software AG said that it had shut down its internal systems in a controlled manner to contain the hackers.
The hackers set a $23 million ransom for the decryption key, according to data security group Malware Hunter Team. While there is usually a major difference between the ransom demand and the actual amount paid, and a lack of reliable information on the subject, this is one of the largest ransomware demands ever made.
On October 9, Clop released screenshots of Software AG’s files on a leak site after negotiations between the two broke down. One of these screenshots claimed to show the personal details of Software AG CEO Sanjay Brahmawar, including a passport scan.
Clop, the gang behind the attack, is named for the Clop software it uses. This malware encrypts data and adds the file extension ‘.clop’ to affected files.
Although its internal server were breached, Software AG said its customer services were not affected by the attack.
“Software AG is further investigating the incident and is doing everything in its power to contain the data leak and to resolve the ongoing disruption of its internal systems, in particular to restart its internal systems as soon as possible which had been shut down for security reasons,” the company said in a statement on October 8.
- Leader Insights | Cybersecurity essentials with CISO Jordan Schroeder
- Ciaran Martin | Emerging cyber threats and their unintended consequences
- CyberScotland Week to return as pandemic drives up cyberattacks
2020 has seen a major rise in ransomware attacks. A recent report from Bitdefender claimed that the number of cases involving ransomware has grown 715% compared to 2019.
Cloud computing services company Blackbaud was hit in May, with the attack harvesting details from many of its clients. The company recently revealed that the hackers were able to access unencrypted financial details.