Another ransomware attack made hit a big company, this time the victim is the Global information services giant Wolters Kluwer that took offline some of the affected systems after the incident.
Wolters Kluwer N.V. is a global information services company headquartered in the Netherlands that serves legal, business, tax, accounting, finance, audit, risk, compliance, and healthcare markets.
On May 6, the company noticed some “technical anomalies” and the consequent investigation led to the discovery of the malware infection.
“On Monday, May 6, we started seeing technical anomalies in a number of our platforms and applications. We immediately started investigating and discovered the installation of malware.” reads the statement published by the company. “As a precaution, in parallel, we decided to take a broader range of platforms and applications offline.”
One of the most impacted units of the company is CCH, the cloud-based tax division.
“Early in the afternoon on Friday, May, 3, I asked a friend to relay a message to his security contact at CCH, the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands.” reported the popular investigator Brian Krebs. “The message was that the same file directories containing new versions of CCH’s software were open and writable by any anonymous user, and that there were suspicious files in those directories indicating some user(s) abused that access.”
In order to limit the impact of the ransomware and investigate the intrusion, the company shut down some of its systems, it also hired forensics consultants to discover the way attackers breached the company and the extent of the attack.
The company was able to restore service to a number of applications and platforms on May 7.
“With this action, we aimed to quickly limit the impact this malware could have had, giving us the opportunity to investigate the issue with assistance from third-party forensics consultants and work on a solution.” continues the statement. “Unfortunately, this impacted our communication channels and limited our ability to share updates.”
The company confirmed that customer data had not been accessed by attackers, it is not aware of customers infected by malware delivered through its applications.
“We have seen no evidence that customer data was taken or that there was a breach of confidentiality of that data. Also, there is no reason to believe that our customers have been infected through our platforms and applications.” concludes the company. “Our investigation is ongoing. We want to apologize for any inconvenience this may have caused.”
At this time is not clear which piece of malware hit the company, but according to some reports, the ransomware involved in the attack is MegaCortex. MegaCortex was first discovered by security experts at Sophos in January, it is targeting corporate networks in the United States, Italy, Canada, France, the Netherlands, and Ireland.