ALPHV gang claims ransomware attack on Constellation Software

Canadian diversified software company Constellation Software confirmed on Thursday that some of its systems were breached by threat actors who also stole personal information and business data.

“The Incident was limited to a small number of systems related to internal financial reporting and related data storage by the operating groups and businesses of Constellation,” the company .

“The independent IT systems of Constellation’s operating groups and businesses were not impacted by this Incident in any way.”

Constellation added that it had contained the attack and has now restored all of the IT infrastructure systems impacted in the incident.

Business partners and individuals whose information was stolen during the breach are also being contacted with more details regarding the attack.

“A limited amount of personal information of individuals was impacted by the Incident. A limited amount of data of the business partners of Constellation businesses was also impacted,” the company added.

Constellation Software acquires, manages, and builds software businesses through six operating groups: Volaris, Harris, Jonas, Vela Software, Perseus Group, and Topicus.

The Canadian company has over 25,000 employees across North America, Europe, Australia, South America, and Africa, generating consolidated revenues exceeding $4 billion.

Constellation also provides services to 125,000 customers in over 100 countries and has acquired more than 500 software companies since 1995.

Attack claimed by the ALPHV ransomware gang

While Constellation is yet to provide information on who was behind the attack or how the threat actors gained access to its network, the ALPHV ransomware gang (aka BlackCat) added a new entry to its data leak site, saying that they breached the company’s network and stole more than 1 TB worth of files.

The ransomware gang also threatens to leak the stolen data if the company ignores the ransom demand and refuses to negotiate.

“We have been on your network for a long time and have had time to analyze your business. We have stolen more than 1 TB of your confidential data. If you ignore or refuse the deal, we will be forced to release all of your data to the public,” the gang said.

As proof that they had access and exfiltrated files from Constellation’s network, ALPHV has already leaked some documents containing business information online.

ALPHV Constellation entry
Constellation Software entry on ALPHV’s data leak blog (BleepingComputer)

This ransomware operation was launched and is believed to be .

It first gained notoriety as DarkSide after and immediately landing in the crosshairs of .

Even though they one month later, in July 2021, they were again in November after the operation’s servers were seized and by exploiting a weakness in the ransomware.

Currently, the ALPHV gang is considered one of the significant ransomware threats targeting enterprises worldwide.

​​Last April, the Federal Bureau of Investigation (FBI) that ALPHV has “extensive networks and experience with ransomware operations” since they successfully breached over from November 2021 to March 2022.