On a website apparently created to distribute Citycomp client data, the hackers claim they are in possession of “312,570 files in 51,025 folders, over 516GBb data financial and private information on all clients.” Some of the clients include Ericsson, Leica, Toshiba, UniCredit, British Telecom, Hugo Boss, NH Hotel Group, Oracle, Airbus, Porsche, and Volkswagen, according to a list of the victims on the website.It appears the data may relate to German offices of those companies. Several entities in the victim list have the “GmbH” title; the German term for a limited liability company. Two supermarkets popular in Germany, REWE and Kaufland, are also included.“We have informed and warned all concerned clients,” Bartsch said.
Do you know anything else about this breach? You can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on email@example.com, or email firstname.lastname@example.org
Some files are publicly available for download on the data site. Some victims only have one, two or three files listed, while others have hundreds.The post said that the files would be released on April 31st, 2019 (there are only 30 days in April).On the data website, the hackers included an email address to contact them. That email is also the contact address for at least one previous ransomware campaign. In an email, the hacker or hackers, who went by the handle Boris Bullet-Dodger, confirmed the attack was financially-motivated, and said that they demanded $5,000 from Citycomp.
“We have to be careful as the whole case is under police investigation and the attacker is trying all tricks.”