The malicious actors behind the Clop ransomware compromised the network of German enterprise software giant Software AG and stole the company’s data.
According to Software AG’s press release issued last week, the attack took place on October 3. Due to the incident the tech giant was forced to shut down its internal systems.
“The IT infrastructure of Software AG is affected by a malware attack since the evening of 3 October 2020. While services to its customers, including its cloud-based services, remain unaffected, as a result, Software AG has shut down the internal systems in a controlled manner in accordance with the company's internal security regulations,” the company revealed.
At the time, the software maker said that there was no evidence the customer information was compromised during the cyber attack. However, three days later the company confirmed that “data was downloaded from Software AG's servers and employee notebooks.”
Although Software AG did not disclose any additional details regarding the incident, according to MalwareHunterTeam, the culprit behind the attack is the Clop ransomware gang. The researcher was able to obtain the Software AG ransom note and a link to a chat on Clop's Tor payment site from the Clop ransomware executable used in the attack on the German company.
According to the ransom note, in order to receive a decryption key Software AG must pay $23,000,000 (or 2083,0069 BTC). The hackers also published screenshots showing a portion of data allegedly stolen from Software AG on their leak site. The screenshots show employee passport and ID scans, employee emails, financial documents, and folders from the company's internal network.
The Clop gang also threatened to release nearly 1 TB of data allegedly stolen from Software AG, including "documents, contracts, reports, mail correspondence, contact lists, certificates, etc."