A company spokesperson told iTWire on Monday that they were aware that data from its South African servers had been made available for download after the attack.
Three lots of data have been put on the dark web by the gang that used Cl0p, including financial statements and email correspondence. A screenshots of one employee's passport has been leaked, plus a list of clients and some miscellaneous sales orders.
The criminals have sought a ransom of US$23 million, according to the ransom note made public by security outfit MalwareHunterTeam.
Here is the ransom note:— MalwareHunterTeam (@malwrhunterteam) October 9, 2020
"HELLO DEAR SOFTWARE AG"
How kind of them to use "dear", no?
The Software AG spokesperson said: "Our investigations team is currently analysing the data and its nature. We will contact anyone impacted as soon as we confirm that it is likely that their data has been compromised. This is naturally a concerning time for our customers and our employees and we are doing all we can to support them.
"We have put in place additional monitoring in order to ensure we are alerted to any illegal activity. In the meantime, we have advised all customers and employees to continue to ensure that their own cyber security precautions are hardened and to contact us if they see any suspicious activity that they think might be related.
"Since the attack we have brought two external security companies on board who support us both on-site and remotely. We have divided our IT team into sub-groups in order to ensure 24-hour operation together with the external security specialists. Our customers’ cloud services and customer support activities remain unaffected by the attack.
"We are in contact with the relevant authorities with regard to our reporting and regulatory obligations. We will continue to work with each affected customer and employee to ensure they are supported adequately at this time.”