German Software AG victim of Cl0p ransomware, data leaked

The German Software AG, headquartered in Darmstadt and a competitor of SAP, has fallen victim to a cyber attack. Currently, the websites are offline, and the Cl0p gang is publishing data that was captured in this attack.


Software AG, headquartered in Darmstadt, Germany, is one of the global market leaders in software solutions for businesses and related services. Its products make it possible to analyze and manage business processes and control IT infrastructures. In 2012, the company was the third largest software house in Germany after SAP SE and Diebold Nixdorf, and the seventh largest in Europe in terms of revenue. In March 2018, Software AG had 4,610 employees (according to Wikipedia) and revenue of €186.6 million in the first quarter of 2018.

Worldwide cyber attack

Last weekend Software AG was infected with malware, which was announced on Monday. The ARD stock exchange news had published only a short report on Tuesday, October 6, 2020. Since I am currently unable to access the German web pages of Software AG, I do not know whether a press release has been issued. On the English site they write:

Important customer information / Wichtige Kundeninformation

Due to technical issues with our online support system, we kindly ask you to send us an email with your problem description and a number for call back to the following mailbox:

Due to a technical incident in our online support system, we ask you to contact us via the following email address if you have a problem:
Please include a description of the problem and a call-back number.

Software AG's ad hoc announcement still has the following wording:  

A-Adhoc: Software AG: Ad-hoc: Disruption of services due to malware attack

The IT infrastructure of Software AG is affected by a malware attack since the evening of 3 October 2020. While services to its customers, including its cloud-based services, remain unaffected, as a result, Software AG has shut down the internal systems in a controlled manner in accordance with the company's internal security regulations. The company is in the process of restoring its systems and data in order to resume orderly operation. However, helpdesk services and internal communication at Software AG are currently still being affected.

If required to secure its service levels, Software AG will enhance its interim helpdesk system. Software AG is not aware of any customer information being accessed by the malware attack. Software AG is further investigating the incident and is doing everything in its power to resolve the resulting disruption as soon as possible.

Darmstadt, October 05, 2020

Software AG

The Management Board

In the meantime, it is clear that data has been leaked (see below), and this is dawning on Software AG's management, too. In this article on the incident, published on, it says:

On October 5, 2020, Software AG announced that it was affected by a malware attack. The malware has not yet been fully contained and Software AG's systems are still affected by the attack.

Today, Software AG has received initial indications that data has been downloaded from Software AG servers and employee notebooks. There is still no indication that customer services, including cloud-based services, have been disrupted. The company is continuously optimizing its operations and internal processes.

Software AG is continuing to investigate the incident and is doing everything in its power to contain the data leakage and to resolve the ongoing disruption to its internal systems, in particular to bring the internal systems that were shut down for security purposes back online as soon as possible.

Darmstadt, October 8, 2020
Software AG The Executive Board

According to the announcements, the ransomware infestation is probably still not contained. And if I now connect this to the following tweet, at least employee data, if not more, has fallen into the hands of the Cl0p ransomware gang.


Cl0p gang publishes data

The cyber attack that took place days ago and was discussed above had passed me by. By chance, I became aware of the topic on Twitter via a tweet a few minutes ago.

Clop gang: Software AG data leak

The Cl0p cyber gang is claiming a successful ransomware attack on Software AG and has published personal data of company employees on its leak page.
