fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Software AG IT Giant Hit With $23 Million Ransom By Clop Ransomware

Software AG IT Giant Hit With $23 Million Ransom By Clop Ransomware

The Clop ransomware gang hit the network of German enterprise software giant Software AG last Saturday, asking for a ransom of $23 million after stealing employee information and company documents.

Software AG is a software company headquartered in Darmstadt, Germany, with more than 5,000 employees and operations in over 70 countries around the globe.

Software AG’s customer list includes organizations from government, banking, transportation, insurance, retail, and more, Airbus, Lufthansa, DHL, Telefonica, Credit Suisse, and Continental being just a small sample of the 70% of Fortune 1000 companies that use its products.

Attack affected Software AG’s internal network

“The IT infrastructure of Software AG is affected by a malware attack since the evening of 3 October 2020,” says a press release issued by the company on Monday.

Software AG also says that the ransomware attack only affected its internal network while customer cloud services were unaffected.

Also Read: 10 Practical Benefits of Managed IT Services

“While services to its customers, including its cloud-based services, remain unaffected, as a result, Software AG has shut down the internal systems in a controlled manner in accordance with the company’s internal security regulations,” the software giant adds.

“The company is in the process of restoring its systems and data in order to resume orderly operation.” Software AG added that its internal communication and helpdesk services are still affected by the attack. 

In a press release published three days later, on Thursday, Software AG said that it found “first evidence that data was downloaded from Software AG’s servers and employee notebooks.”

Clop ransomware asks for a $23 million ransom

The company says that this was a “malware attack” and doesn’t mention any details related to ransomware in its press releases.

However, BleepingComputer was able to obtain the Software AG ransom note and a link to their chat on Clop’s Tor payment site from security researcher MalwareHunterTeam.

MalwareHunterTeam told BleepingComputer that they gained access to this information after finding the Clop ransomware executable used in the attack on Software AG.

Software AG ransom note

The Tor payment site showing the Software AG ransom demand shows that the ransom asked by Clop for decrypting all encrypted computers on the company’s network is $23,000,000 (or 2083,0069 BTC).

Also Read: 8 Simple Ways To Improve Your Website Protection

According to the chat section of Clop ransomware’s leak site, the attackers were able to steal information on employees’ passports, health bills, and emails, also publishing a screenshot with a folder tree containing additional info potentially stolen from Software AG.

The chat on the Software AG payment site shows the Clop actors threatening to publish the entire batch of roughly 1 TB of data they claim to have stolen from Software AG’s devices including “documents, contracts, reports, mail correspondence, contact lists, certificates, etc.”

Clop ransomware was also behind the attack on Maastricht University on December 23, 2019. In February, Maastricht University confirmed that it paid the 30 bitcoin ransom requested by the Clop ransomware gang.

BleepingComputer has contacted Software AG with questions related to this attack but has not heard back at this time.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us