Hackers Steal and Ransom Financial Data Related to Some of the World’s Largest Companies
Hackers have broken into an internet infrastructure firm that provides services to dozens of the world's largest and most valuable companies, including Oracle, Volkswagen, Airbus, and many more, as part of an extortion attempt, Motherboard has learned. The attackers have also released data from all of those companies, according to a website seemingly set up by the hackers to distribute the stolen material.
Citycomp, the impacted Germany-based firm, provides servers, storage, and other computer equipment to large companies, according to the company's website. Michael Bartsch, executive director of Deutor Cyber Security Solutions, a firm Citycomp said was authorized to speak about the case, confirmed the breach to Motherboard in an email Tuesday.
"Citycomp has been hacked and blackmailed and the attack is ongoing," Bartsch wrote. "We have to be careful as the whole case is under police investigation and the attacker is trying all tricks."
Do you know anything else about this breach? You can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com
On a website apparently created to distribute Citycomp client data, the hackers claim they are in possession of "312,570 files in 51,025 folders, over 516GBb data financial and private information on all clients." Some of the clients include Ericsson, Leica, Toshiba, UniCredit, British Telecom, Hugo Boss, NH Hotel Group, Oracle, Airbus, Porsche, and Volkswagen, according to a list of the victims on the website.
It appears the data may relate to German offices of those companies. Several entities in the victim list have the "GmbH" title, the German term for a limited liability company. Two supermarkets popular in Germany, REWE and Kaufland, are also included.
"We have informed and warned all concerned clients," Bartsch said.
"There was full transparency about the attack and theft as well as public release of the data with our clients from the very beginning. The support is unanimous," he added.
Before Bartsch's confirmation, Motherboard contacted multiple Citycomp clients on Monday, including British Telecom, Oracle, Airbus, Porsche, and Ericsson. None responded to a request for comment.
The files are publicly available for download on the data site. Some victims only have one, two or three files listed, while others have hundreds.
The post said that the files would be released on April 31st, 2019 (there are only 30 days in April).
Increasingly, hackers have threatened to release or simply dump data belonging to a victim in order to pressure them into paying a ransom. Bartsch said the company has not given in to such a demand, though.
"We did not yield to the extortion demands and our analysts are conducting a profound technical and forensic analysis on the attack," he wrote.
On the data website, the hackers included an email address to contact them. That email is also the contact address for at least one previous ransomware campaign. The hackers did not immediately respond to a request for comment.
Update: This piece has been updated to include that the attackers' email address is also linked to a ransomware campaign. It has also been updated to say that the files are now available for download.