Table of Contents

Cybercrime..................................................................................................................................................2
Topmost Five CyberCrime...........................................................................................................................2
Ransomware................................................................................................................................................2
Software AG Ransomware Attack................................................................................................................2
How to prevent...........................................................................................................................................4
References...................................................................................................................................................4

1
 Software AG Ransomware Attack

Cybercrime
Cybercrime means the crime of computers. The use of the computer for bad things and use for
illegal ends. Stealing the company data, Fraud, or any other unusual activity e.g. child
pornography these all come under cybercrime (Yar, 2019). Criminal activity or the bad uses of
the computer is called cybercrime.

Topmost Five CyberCrime

There is a lot of cybercrime worldwide but the topmost cybercrime is phishing scams, Website
fooling, Ransomware, Malware, and IOT Hacking (Anderson, 2018).

Cybercrime which we discussed here is the Software AG Ransomware.

Ransomware
Ransomware is an advanced, technological spin on extortion, a crime that has existed for
centuries. At its most basic level, ransomware works by stealing something of significant value
and demanding payment in exchange for its return. For the most part, this entails the encryption
of firm information. When ransomware strikes, Businesses grind to a halt and employees are
unable to do their duties.

Without recoverable backup data, the organization is vulnerable to an attacker who will keep
your data hostage in exchange for a decryption key that you may buy with Bitcoin. Ransomware
has evolved into its subcategory of malware, and it should be a top priority for all businesses.
According to McAfee, new ransomware assaults increased by 118 percent between 2018 and
2019.

Software AG Ransomware Attack

The Clop ransomware assault exposed company files and personnel information at the second-
largest software company in Germany manufacturer and one of them Europe's top ten. During
the epidemic, the Clop gang has been very active and is one of the most well-known gangs that
have been stealing firm information before target networks are being turned down and
frightening to reveal it to the community if a ransom is funded.

AG Software, based in Darmstadt, employs approximately 5,000 people and sells business
infrastructure technologies to enterprises in more than 70 countries. It is claimed that 70% of
Fortune 1000 organizations employ at least one of their software applications. “The IT

2
organization of AG Software has been damaged by a malware outbreak later the afternoon of 3
Oct 2020,” the business said in a media release, implying that its inner network had been hacked.
The Clop ransomware attack did not appear to affect Software AG's customer-facing cloud
services, but it did expose worker special information and private files on the company's inside
network.

Even yet Software AG did not mention ransomware in their media announcements, safety firm
MalwareHunterTeam has alerted multiple media outlets that they have discovered the Clop
ransomware able to execute recycled in the outbreak. The records, which seem to have originate
from a combination of AG's Software inner system and worker laptops, contain extremely
sensitive special data about the corporation's workers, including ID numbers, snap ID images,
fitness care info, electronic mail, interaction lists, and employ contracts, between other things
(Kumar, 2021). A total of one terabyte of data was taken. If the complete ransom is not funded in
Bitcoin, Clop has exposed to release all of this to the community. On a dark web "leak site," the
ransomware organization confirmed the intrusion by releasing pictures of Software AG files. At
this time, there is no sign that AG Software has funded the ransom. Clients and users of AG
Software do not seem to have been affected by the Clop ransomware assault, nor has any of their
info been hacked, although the business's help desk, as well as various kinds of online contact,
was unavailable for some time.

Security experts still don't have a strong handle on the Clop gang. They think they're from
Eastern Europe, express Russian, and work Monday through Friday with a high and consistent
equal of activity. However, nothing is recognized about the crowd other than the fact that it has
been spotted creating network access and then selling it to third parties, implying that it is a
remote for-profit organization rather than a government-backed threat actor. Clop ransomware
attacks have been linked to a specific organization that has been utilizing this method since at
least early 2019. The ransomware is a variation of CryptoMix, a virus that has been found in the
open since early 2016 but has had little impact other than garnering headlines for being
distributed through phony charity groups. The Clop mutation, on the other hand, is far from
harmless. It has been linked to massive data breaches at biopharmaceutical company
ExecuPharm, Indian business group IndiaBulls, and EV Cargo Logistics in the United Kingdom.
Some security experts suspect the same outfit is responsible for the Dridex banking virus, which
has been wreaking havoc on banks since 2015.

While the Clop ransomware assaults were technically proficient, it was the collection's
dedication to collecting and exposing mark files that set it separately and shifted ransomware
patterns. As March, the organization has retained a website called "CL0P - LEAKS" devoted to
posting exfiltrated data from targets who refuse to pay the ransom (Sharma, 2020). In addition to
being trendsetters in this regard, the Clop ransomware assaults have also aided in the rapid rise in
ransom demands. Ransomware gangs were concentrating extensively on improvised small
businesses just two years ago, making low weights of only a few thousand dollars to entice
victims to pay promptly. The marketplace has moved to a considerably extra "premium" clientele

3
since then. Ransomware gangs are now concentrating their efforts on bigger enterprises,
particularly those that cannot afford protracted system outages. The typical ransom request has
risen to around $200,000, and multimillion-dollar ransom notes are no longer uncommon. The
tactic of releasing stolen data to entice ransom payments isn't exclusive to the Clop ransomware
attack gang. Since April, roughly a half-dozen threat actors have set up alike data leak sites,
publishing stolen data after a ransom request was not met. Companies today face not only
interruption and data loss, but also the risk of secret info being exposed and data breach fines if
they fail to protect personal data.

How to prevent
Back up your files, and then do it again in a different location. Success depends on frequency
and redundancy. There will be a lot of problems if the backup of the system once a week or if the
backup is contaminated.

References
Yar, M. and Steinmetz, K.F., 2019. Cybercrime and society. Sage.

Anderson, R., Barton, C., Böhme, R., Clayton, R., Van Eeten, M.J., Levi, M., Moore, T. and Savage, S.,
2018. Measuring the cost of cybercrime. In The economics of information security and privacy (pp. 265-
300). Springer, Berlin, Heidelberg.

Kumar, P.R. and Ramlie, R.E.B.H., 2021, January. Anatomy of Ransomware: Attack Stages, Patterns
and Handling Techniques. In International Conference on Computational Intelligence in Information
System (pp. 205-214). Springer, Cham.

Sharma, Y.K., 2020. TO CREATE SECURE PLATFORM FOR PREVENTION DETECTION AND
MITIGATION OF THE RANSOMWARE ATTACK.