Hackers steal data from IT infrastructure firm Citycomp

A group of hackers have carried out a ransomware attack on Citycomp, which provides internet infrastructure for companies such as Airbus, Toshiba and Volkswagen

The hacker group that stole data from a number of international firms published the files after Citycomp failed to meet its blackmail request

A group of cybercriminals has stolen data on a number of prominent global firms including Airbus, Toshiba and Volkswagen by breaking into an IT services provider.

Citycomp, a German firm that builds IT infrastructure, was targeted by a hacker group on April 30, according to Motherboard, the publication that first learned of the attack. The hacker group set up a website to distribute the stolen material, which may include sensitive financial data.

The hacker group set up a website to distribute the stolen material, which may include sensitive financial data

Michael Bartsch, Citycomp’s crisis manager for this case, told The New Economy: “A still-unknown perpetrator has stolen customer data of Citycomp and threatened the company with publication, should it not comply with the blackmail attempt.”

On the website set up by the hackers, they claimed to be in possession of “312,570 files in 51,025 folders, over 516GB [of financial data] and private information on all clients”. The companies affected include Ericsson, Leica Camera, Toshiba, UniCredit, BT, Hugo Boss, NH Hotel Group, Oracle, Airbus, Porsche and Volkswagen, according to the hackers.

The files were made publicly available for download on the data site. Bartsch said: “Since Citycomp does not comply with blackmail, the publication of customer data could not be prevented.” He added that Citycomp’s customers had been informed of the publication.

The site set up by the hackers also featured a contact email address, which, according to Motherboard, has previously been associated with other ransomware campaigns.

Bartsch confirmed that Citycomp had since “implemented further technical and organisational measures” to “increase security in order that such an attack will not occur again in the future”.

The hackers’ tactic of attempting to extort a ransom payment from Citycomp in exchange for the data is becoming increasingly common in this sort of attack. Where previously cybercriminals may have attempted to sell data on the dark web, many are now choosing the ransomware path in the hope this will deliver a bigger payoff.

Related topics: , ,