{
	"id": "cf99c307-3227-4be7-9faa-eff3043cf386",
	"created_at": "2026-04-06T00:07:41.639449Z",
	"updated_at": "2026-04-10T13:12:05.685011Z",
	"deleted_at": null,
	"sha1_hash": "cd30dd76b73734ac7bd6e34887be3096430aea92",
	"title": "Software AG IT giant hit with $23 million ransom by Clop ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3781677,
	"plain_text": "Software AG IT giant hit with $23 million ransom by Clop ransomware\r\nBy Sergiu Gatlan\r\nPublished: 2020-10-09 · Archived: 2026-04-05 20:26:40 UTC\r\nThe Clop ransomware gang hit the network of German enterprise software giant Software AG last Saturday, asking for a\r\nransom of $23 million after stealing employee information and company documents.\r\nSoftware AG is a software company headquartered in Darmstadt, Germany, with more than 5,000 employees and operations\r\nin over 70 countries around the globe.\r\nSoftware AG's customer list includes organizations from government, banking, transportation, insurance, retail, and more,\r\nAirbus, Lufthansa, DHL, Telefonica, Credit Suisse, and Continental being just a small sample of the 70% of Fortune 1000\r\ncompanies that use its products.\r\nhttps://www.bleepingcomputer.com/news/security/software-ag-it-giant-hit-with-23-million-ransom-by-clop-ransomware/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/software-ag-it-giant-hit-with-23-million-ransom-by-clop-ransomware/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nAttack affected Software AG's internal network\r\n\"The IT infrastructure of Software AG is affected by a malware attack since the evening of 3 October 2020,\" says a press\r\nrelease issued by the company on Monday.\r\nSoftware AG also says that the ransomware attack only affected its internal network while customer cloud services were\r\nunaffected.\r\n\"While services to its customers, including its cloud-based services, remain unaffected, as a result, Software AG has shut\r\ndown the internal systems in a controlled manner in accordance with the company's internal security regulations,\" the\r\nsoftware giant adds.\r\n\"The company is in the process of restoring its systems and data in order to resume orderly operation.\" Software AG added\r\nthat its internal communication and helpdesk services are still affected by the attack. \r\nIn a press release published three days later, on Thursday, Software AG said that it found \"first evidence that data was\r\ndownloaded from Software AG's servers and employee notebooks.\"\r\nIf you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal\r\nat +16469613731 or on Wire at @lawrenceabrams-bc.\r\nClop ransomware asks for a $23 million ransom\r\nThe company says that this was a \"malware attack\" and doesn't mention any details related to ransomware in its press\r\nreleases.\r\nHowever, BleepingComputer was able to obtain the Software AG ransom note and a link to their chat on Clop's Tor payment\r\nsite from security researcher MalwareHunterTeam.\r\nMalwareHunterTeam told BleepingComputer that they gained access to this information after finding the Clop ransomware\r\nexecutable used in the attack on Software AG.\r\nSoftware AG ransom note\r\nThe Tor payment site showing the Software AG ransom demand shows that the ransom asked by Clop for decrypting all\r\nencrypted computers on the company's network is $23,000,000 (or 2083,0069 BTC).\r\nhttps://www.bleepingcomputer.com/news/security/software-ag-it-giant-hit-with-23-million-ransom-by-clop-ransomware/\r\nPage 3 of 5\n\nAccording to the chat section of Clop ransomware's leak site, the attackers were able to steal information on employees'\r\npassports, health bills, and emails, also publishing a screenshot with a folder tree containing additional info potentially\r\nstolen from Software AG.\r\nThe chat on the Software AG payment site shows the Clop actors threatening to publish the entire batch of roughly 1 TB of\r\ndata they claim to have stolen from Software AG's devices including \"documents, contracts, reports, mail correspondence,\r\ncontact lists, certificates, etc.\"\r\nClop ransomware was also behind the attack on Maastricht University on December 23, 2019. In February, Maastricht\r\nUniversity confirmed that it paid the 30 bitcoin ransom requested by the Clop ransomware gang.\r\nBleepingComputer has contacted Software AG with questions related to this attack but has not heard back at this time.\r\nhttps://www.bleepingcomputer.com/news/security/software-ag-it-giant-hit-with-23-million-ransom-by-clop-ransomware/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/software-ag-it-giant-hit-with-23-million-ransom-by-clop-ransomware/\r\nhttps://www.bleepingcomputer.com/news/security/software-ag-it-giant-hit-with-23-million-ransom-by-clop-ransomware/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/software-ag-it-giant-hit-with-23-million-ransom-by-clop-ransomware/"
	],
	"report_names": [
		"software-ag-it-giant-hit-with-23-million-ransom-by-clop-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434061,
	"ts_updated_at": 1775826725,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cd30dd76b73734ac7bd6e34887be3096430aea92.pdf",
		"text": "https://archive.orkl.eu/cd30dd76b73734ac7bd6e34887be3096430aea92.txt",
		"img": "https://archive.orkl.eu/cd30dd76b73734ac7bd6e34887be3096430aea92.jpg"
	}
}