SoftServe hit by Ransomware

September 22, 2020
softserve ransomware attack data breach client data leak malware antimalware malware solutions rainmeter rainmeterapp

An internal letter to their employees has leaked out in the cybersecurity community leading to the discovery of another feisty attack from a ransomware adversary. According to the letter, dated September 1, between 2 AM to 9 AM, the said attack happened to SoftServe compromising their network system by deploying ransomware and other malware by an unknown attacker.

The company that eventually confirmed the attack was the prominent Ukrainian software developer and IT consultancy firm – SoftServ. The company has been around 1993, kicking off from Ukraine and grew to be one of the largest IT firms in their country. Since then, spread out its services in Europe and the United States with an estimated of over 8000 employees and 50 offices around the globe. To name a few of their offered services to include Cloud Services, UX/UI design, software development, Internet of Things (IoT), Information Security Management, and E-commerce. In 2004, they were given recognition and became a part of the Microsoft Partner Ecosystem for their expert contribution to the technology.

Noting Microsoft, digging deep into the attack that happens, the initial report confirmed that the ransomware was delivered through exploiting a Microsoft Windows App – The Rainmeter. This app is a Windows default tool to customized user settings in the Windows OS platform. With the aid of other malware features like Beacon and Powershell, the intrusion becomes stealthier, which most antivirus or antimalware programs may fail to detect. Analysis tells us the pattern used by the adversary was similar to the attack that happened with Blackberry in 2019, wherein the same variant of the ransomware and modus was used that targeting app and such alike LogMeIn and Google Update.


In mitigating the effect of the attack, upon discovery, SoftServe, immediately disconnects its communication gateway to their clients to stop the spread of the infection.


They also halted some of their internal services like their mail and testing system for additional safety measures while investigating and doing alternatives to stay afloat. On their initial incident report to the community, they have confirmed the attack and have already told possible containment of the infection. They also stated that the sensitive information of clients and a big part of the system were not affected by the attack due to their resilience and immediate action plan. However, after the attack, a few data and client information has been leaked out in the cyberworld containing names of the distinguished company such as Toyota, Panasonic, IBM, Cisco, ADT, WorldPay, etc. connotating on the file SoftServe.

SoftServe confirmed that the current attack was massive so far that the company experienced. They are now in open communication with their client to report the extent of the damage incurred to the company and their ongoing mitigation plan in motion. No other official statement from the company has been heard, and all are still waiting for further announcements and confirmation about the leaked client information.

About the author

Leave a Reply