Monday, January 25, 21:04
Home security SoftServe: ransomware attack has affected our clients

SoftServe: ransomware attack has affected our clients

The Ukrainian company SoftServe suffered a ransomware attack on September 1, which may have led to the theft of its customers' source code.

With more than 8.000 employees and 50 offices worldwide, SoftServe is one of the largest companies in Ukraine offering software development and IT consulting services.

The news of the cyber-attack on SoftServe started circulating for the first time on the "Telegram DС8044 Kyiv Info" channel, where an alleged message of the company was communicated to its employees.

SoftServe ransomware

In a subsequent statement to the Ukrainian news site AIN, SoftServe confirmed that it had received a cyber attack that forced it to "disconnect" its customers to prevent it from spreading.

"It simply came to our notice then. The most important consequences of the attack are the temporary loss of functionality of a part of the mail system and the interruption of some of the auxiliary test environments. "As far as we can tell, this is the biggest impact of the attack and other systems or customer data have not been affected."

"To prevent the spread of the attack, we have isolated certain parts of our network and restricted communication with customer networks. We prepare a message to inform our customers about the situation. We are still investigating the incident so we are not ready to comment on who did it, "said Adriyan Pavlikevich, vice president of SoftServe.

A report found today by security researcher MalwareHunterTeam confirms that SoftServe was attacked by ransomware.

This incident report states that the ransomware attack added the extension "* .s0fts3rve555 - *** (as s0fts3rve555-76e9b8bf)" to the encrypted filenames.

It has not been confirmed, but this expansion pattern matches those used by Defray ransomware, also known as RansomEXX, which was recently used against Konica Minolta.

The report also includes one PowerShell script used to find files that changed during the attack, indicating that the attack occurred between 2 p.m. and 9 a.m.

Customer source code is said to have been stolen

In a later post on the Telegram DС8044 channel, links were leaked to the "source code repositories" allegedly stolen during the attack. These zip files are for projects that claim to be intended for companies Toyota, Panasonic, IBM, Cisco, ADT and WorldPay.

Windows customization tool that took advantage of the attack

According to the SoftService report, the attackers took advantage of one DLL vulnerability which violated the legal Rainmeter application to develop their ransomware.

The Rainmeter is a legitimate Windows customization tool that loads a Rainmeter.dll at startup.

During the attack, the threatening agents replaced the legal Rainmeter.dll with a malicious version.



Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehc
Be the limited edition.


iPhone: How to see which apps have access to your contacts

Some iPhone privacy issues go deeper than accessing your contacts list, which exposes your contacts to ...

COVID-19: Google makes vaccination clinics available

Google CEO Sundar Pichai said Monday that the company will make its facilities available to become clinics ...

Netflix offers "studio quality" audio upgrade on Android

Do not be surprised if Netflix sounds better the next time you run a marathon with rows on your Android phone ...

Will Bitcoin return to $ 40.000? There is concern!

Bitcoin lovers who take his return above the level of $ 40.000 for granted have been worried because the demand ...

Avaddon ransomware: Its operators threaten with DDoS attacks to get ransom!

Lately, more and more ransomware gangs tend to threaten their targets with DDoS attacks in order to secure profits ....

Volunteer firefighters will be trained through VR simulation

Volunteer firefighters in the Australian state of Victoria will soon have access to the virtual reality (VR) training that will be available in ...

Tesla: Accuses its former employee of stealing her confidential data!

On January 23, Tesla sued former employee Alex Khatilov for stealing 26.000 confidential documents, including trade secrets. The software ...

SpaceX launched 143 satellites simultaneously

SpaceX broke every record with its last spacecraft mission into orbit. The company successfully launched the Transporter-1 mission ...

Sony may resurrect the Xperia Compact to compete with Apple

Have you seen the iPhone 12 mini and wish there was an Android equivalent to this small but powerful smartphone? Can the desire ...

Artificial intelligence (AI) may one day be used against us

AI algorithms offer us the news we read, the ads we see, and in some cases even drive cars ...