Ransomware Group Claims Attack on Constellation Software – Source: www.securityweek.com

The Alphv/BlackCat ransomware group has claimed responsibility for a cyberattack that Canadian software company Constellation Software disclosed last week.

Toronto-based Constellation Software is a company specialized in the acquisition of vertical market software firms. With a few notable exceptions, the company’s acquisitions have been small, of less than $5 million in value.

On May 4, Constellation Software revealed that it fell victim to a cyberattack that impacted “a limited number of its IT infrastructure systems”. The attack occurred on April 3, 2023.

The compromised systems were “related to internal financial reporting and related data storage by the operating groups and businesses of Constellation”, the company says in an incident notice on its website.

According to the software giant, the attack did not impact the IT systems of its operating groups and businesses and did not affect its business operations.

“The incident has since been contained, and impacted systems have now been restored,” Constellation notes.

The company says that a limited amount of personal information was compromised during the incident, along with a limited amount of business partner data.

While Constellation Software did not say what type of cyberattack, the Alphv/BlackCat ransomware gang last week posted on its leak site an entry about the incident, claiming to have stolen over one terabyte of data from the company.

Claiming to have had access to Constellation Software’s network for a long period of time, the attackers published a series of screenshots depicting documents allegedly stolen during the attack.

What is unclear yet, however, is whether Constellation Software detected the attack before file-encrypting ransomware was executed on its systems.

The company has not shared information on the number of potentially impacted individuals either.

SecurityWeek has emailed Constellation Software for additional details on the incident and will update this article as soon as a reply arrives.

Related: Western Digital Confirms Ransomware Group Stole Customer Information

Related: RTM Locker Ransomware Variant Targeting ESXi Servers

Related: Microsoft: Cl0p Ransomware Exploited PaperCut Vulnerabilities Since April 13