ALPHV claims responsibility for cyberattack on Constellation Software.

Canadian software provider Constellation Software disclosed last week what they’re calling a cybersecurity incident, impacting the company’s IT infrastructure. The ALPHV ransomware gang has claimed the attack on its data leak site, Bleeping Computer reports.

Constellation discloses a breach of systems, with some information stolen.

 IT World Canada reports that a disclosure from Constellation shared that some IT systems within the company were breached, and that there were also leaks of some personal data, “The Incident was limited to a small number of systems related to internal financial reporting and related data storage by the operating groups and businesses of Constellation,” said the company. “A limited amount of personal information of individuals was impacted by the Incident. A limited amount of data of the business partners of Constellation businesses was also impacted.”

ALPHV ransomware gang claims the attack and threatens data leakage.

Bleeping Computer explains that the attack has been claimed by the ALPHV ransomware gang: they’ve added a new entry for the company to their data leak site. The gang threatens to leak more than a terabyte of data if the ransom demand is ignored. "We have been on your network for a long time and have had time to analyze your business. We have stolen more than 1 TB of your confidential data. If you ignore or refuse the deal, we will be forced to release all of your data to the public,” the gang wrote. The ALPHV gang, known also as BlackCat, is one of the most active ransomware operations  impacting enterprises globally.

Industry insights on the cyberattack.

James McQuiggan, Security Awareness Advocate at KnowBe4, advises increased awareness and cautiousness in sharing personal information:

"With daily ransomware attacks on organizations, it stresses the importance of client and personal data protection. Losing this data is detrimental to the brand and to personal data which will have lasting consequences for the affected individuals. It’s crucial that victims of these attacks should safeguard accounts relating to the organization. Victims and organizations affected by the data loss should monitor online and possibly social media accounts as cybercriminals will be leveraging the personal data to gain access to various accounts containing trusted connections of the victim. Additional steps include utilizing multi-factor authentication (MFA) wherever possible and watching out for dedicated and specific phishing attempts. It’s essential to be cautious and skeptical of unexpected emails, messages, or phone calls claiming to be from financial institutions or other organizations, as they may be attempts to gather more information about you."

Paul Bischoff, Consumer Privacy Advocate at Comparitech, notes that the attack’s initial disclosure by the gang may reveal a lack of insight by the company into the scope of the attack:

"Constellation hasn't stated what, how, or how much data was stolen, so it's difficult to gauge the scope of the attack. It's also not clear whether Constellation will pay the ransom or has already done so. It's never a good sign when a hacker group discloses a breach before the organization that got breached. That often means the organization didn't even know it was being breached until the hackers notified them or alerted the public. I don't know if that's what happened here, but it seems likely."