German enterprise solutions giant Software AG revealed last week that it had been targeted by cybercriminals with the Clop ransomware.
Software AG operates across more than 70 countries around the world and it has over 5,000 employees. It claims that its solutions are used by more than 10,000 of the world’s biggest brands.
The company disclosed the incident on October 5, when it reported being hit by a malware attack on October 3. Software AG said at the time that it had shut down some internal systems in response to the breach.
The company said its helpdesk services and internal communications were impacted, but claimed that cloud-based services were not affected and that it found no evidence of customer information being compromised.
However, in an update shared on October 8, the company said the malware had not been fully contained and it had found evidence that the attackers did in fact download data from servers and employee notebooks.
Researchers at MalwareHunterTeam said on Saturday that the attack involved the Clop ransomware, and they noticed what appeared to be a new feature — the use of wevtutil.exe to clear event logs. They also noted that the sample that hit Software AG checked for the presence of McAfee software and attempted to uninstall it, but it’s unclear if the attackers somehow learned that the target was using McAfee products or if this functionality was added to the malware for a different target ..
Support the originator by clicking the read the rest link below.
