IoT specialist Software AG hit by $23mn ransomware attack accessing staff data


Software AG, a Germany-based enterprise software company, has become the latest technology company to report a major ransomware attack, Jeremy Cowan reports.

Unconfirmed reports in German media indicate that employee data including passport & ID information and internal emails, have been accessed and encrypted by a gang named Clop after the ransomware it uses. A ransom of US$23 million (€19.50 million) is said to have been demanded for the data’s release. The IT company has annual revenues of more than €800 million.

According to the Darmstadt company, the attack began on the evening of October 3rd and Software AG was forced to suspend all internal communications. This took its customer helpdesk offline – a situation that continues at the time of writing.

Customers are still being directed to contact dedicated email addresses with any questions or concerns. Software AG has since confirmed it has evidence of data downloads being made due to a malware attack.

In its first public response the company said: “Today, Software AG has obtained first evidence that data was downloaded from Software AG’s servers and employee notebooks. There are still no indications for services to the customers, including the cloud-based services, being disrupted. The company is refining its operations and internal processes continuously.

“Software AG is further investigating the incident and is doing everything in its power to contain the data leak and to resolve the ongoing disruption of its internal systems, in particular to restart its internal systems as soon as possible which had been shut down for security reasons.”

The Internet of Things (IoT) specialist claims more than 10,000 IT customers including Airbus, Credit Suisse bank, and the German airline Lufthansa. Following initial uncertainty Software AG now says that customer data has not been compromised. The data breach was revealed in an online update and in statements to German financial institutions. The company’s note said the attack had been ongoing since last Monday and had yet to be fully contained.

Commenting on the attack today, Boris Cipot, senior security engineer at Synopsys says, “No individual or organisation, big or small, is safe from cyber-attacks. Ransomware is a common attack type today, whereby an attacker penetrates the victim’s resources and encrypts or downloads the data on it. The victim then needs to pay a ransom in order to receive the decryption key and hope they get their data back and that it has not been downloaded to be misused later on.

“For individuals, private data, pictures and documents may be affected. For companies, the data held for ransom is likely even more important. Indeed, such attacks can cause government offices to shut down. While in the case of Software AG, it has not brought their whole operations to a standstill, it will be interesting to see what impact the reported breach had on the company and what they did to recover,” Cipot says.

“Ransomware, as any other malware, can spread through different ways. Usually, they come through as scams, such as fake software that promises to do something like remove viruses from your computer; or as phishing emails, that lures the user to install something on their computer. Therefore, be careful when installing or downloading files from the internet. Be careful when someone offers you something for free. As always on the internet – if it sounds too good to be true, then it probably is,” Cipot concludes.

Artificial Intelligence Universe