IoT specialist Software AG hit by $23mn ransomware attack accessing staff data

Software AG, a Germany-based enterprise software company, has become the latest technology company to report a major ransomware attack, Jeremy Cowan reports.

Unconfirmed reports in German media indicate that employee data including passport & ID information and internal emails, have been accessed and encrypted by a gang named Clop after the ransomware it uses. A ransom of US$23 million is said to have been demanded for the data’s release. The IT company has annual revenues of more than €800 million.

According to the Darmstadt company, the attack began on the evening of October 3rd and Software AG was forced to suspend all internal communications. This took its customer helpdesk offline – a situation that continues at the time of writing.

Customers are still being directed to contact dedicated email addresses with any questions or concerns. Software AG has since confirmed it has evidence of data downloads being made due to a malware attack.

In its first public response the company said: “Today, Software AG has obtained first evidence that data was downloaded from Software AG’s servers and employee notebooks. There are still no indications for services to the customers, including the cloud-based services, being disrupted. The company is refining its operations and internal processes continuously.

“Software AG is further investigating the incident and is doing everything in its power to contain the data leak and to resolve the ongoing disruption of its internal systems, in particular to restart its internal systems as soon as possible which had been shut down for security reasons.”

The Internet of Things (IoT) specialist claims more than 10,000 IT customers including Airbus, Credit Suisse bank, and the German airline Lufthansa. Following initial uncertainty Software AG now says that customer data has not been compromised. The data breach was revealed in an online update and in statements to German financial institutions. The company’s note said the attack had been ongoing since last Monday and had yet to be fully contained.

Commenting on the attack today, Boris Cipot, senior security engineer at Synopsys says, “No individual or organisation, big or small, is safe from cyber-attacks. Ransomware is a common attack type today, whereby an attacker penetrates the victim’s resources and encrypts or downloads the data on it. The victim then needs to pay a ransom in order to receive the decryption key and hope they get their data back and that it has not been downloaded to be misused later on.

Boris Cipot of Synopsys: What’s the impact on the company?

“For individuals, private data, pictures and documents may be affected. For companies, the data held for ransom is likely even more important. Indeed, such attacks can cause government offices to shut down. While in the case of Software AG, it has not brought their whole operations to a standstill, it will be interesting to see what impact the reported breach had on the company and what they did to recover,” Cipot says.

“Ransomware, as any other malware, can spread through different ways. Usually, they come through as scams, such as fake software that promises to do something like remove viruses from your computer; or as phishing emails, that lures the user to install something on their computer. Therefore, be careful when installing or downloading files from the internet. Be careful when someone offers you something for free. As always on the internet – if it sounds too good to be true, then it probably is,” Cipot concludes.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

Recent Articles

Accelerating digital transformation for a greener future

Posted on: May 13, 2021

As countries and economies prepare to come out of the pandemic, the way we run businesses will never be the same again, says Bhushan Patil, SVP EMEA, Tech Mahindra.

Read more

Trust platform design suite speeds embedded security implementations

Posted on: May 13, 2021

In 2019, Microchip Technology released its Trust Platform for its CryptoAuthenticationfamily, bringing the pre-provisioned solutions for hardware-based secure elements to companies of all sizes that want an easy way to implement secure authentication.

Read more