Software AG, a German IT firm that specializes in enterprise IoT software, has suffered a ransomware attack. Darmstadt, Germany-based Software AG serves around 10,000 customers in more than 70 countries, has around 5,000 employees, and annual revenues in excess of €800 million.
On the evening of October 3, 2020, malware was installed on its network, according to a company press release. The attack was limited to its internal environment and customers’ cloud environments were unaffected. The firm is still able to provide services to customers but had to take its internal networks offline and its internal communication and online helpdesk remain out of action. The firm is currently systematically restoring systems and data and expects to resume normal operations soon.
While the company appears to now be on the road to recovery without paying the ransom demand, last week the Software AG confirmed that prior to the deployment of ransomware, evidence was found indicating the attackers stole data from its servers and employees notebooks.
While Software AG made no mention of ransomware in its press release, MalwareHunterTeam managed to obtain a copy of the ransom note which indicates the attack involved Clop ransomware. The Tor payment site used by the ransomware operators indicates a $23 million ransom demand was issued for the keys to unlock the encrypted files and prevent the publication of the stolen data. The attackers threatened to publish all data downloaded from Software AG on its portal if the ransom is not paid. The attackers claim to have stolen around 1 TB of data from the firm.
According to ZDNet, Software AG had refused to pay the ransom demand and some of the data stolen in the attack has already been published in an attempt to pressure the IT giant to make payment. Software AG issued a statement saying it is taking steps to contain the data leak.