Extortionists leak data of huge firms after IT provider refuses to pay

Financial data from some the world's biggest companies – including Porsche, Oracle, Toshiba and more – has been stolen and published in a ransomware attack on the large, Germany-based IT provider Citycomp.

Citycomp, which says that it maintains over 70,000 servers and storage systems “of every type and size” in 75 countries, issued a statement saying that it had “successfully fended off a hacker attack” in early April and that it has no intention of complying with the blackmail attempt.

Given its refusal to capitulate, Citycomp said, the data couldn't be saved from being doxxed. “Full transparency” was in place and it informed its customers “right from the start,” it said.

[Citycomp] does not yield to blackmail. The repercussion is the publication of the stolen customer data.

While Citycomp said that the attack had been stopped, a security firm it's working with and which was authorized to speak to Motherboard told the publication that as of Tuesday, it was ongoing. Michael Bartsch, executive director of Deutor Cyber Security Solutions:

Citycomp has been hacked and blackmailed and the attack is ongoing. We have to be careful as the whole case is under police investigation and the attacker is trying all tricks.

The hackers created a .onion Dark Web site where the stolen data can be browsed and downloaded. The list of victims includes names such as Porsche, Oracle, Toshiba, the New Yorker, Ericsson, Leica, UniCredit, British Telecom, Hugo Boss, NH Hotel Group, and Airbus, among many others. On the site, the hackers claim that they have “312,570 files in 51,025 folders, over 516GBb data financial and private information on all clients.”

Bartsch told Motherboard that after informing and warning all clients, being fully transparent from the get-go, their support has been “unanimous.”