Constellation Struck By Ransomware Attack, ALPHV Lays Claim

By   Olivia William
Writer , Information Security Buzz | May 05, 2023 09:20 am PST

On Thursday, Canadian software firm Constellation Software reported that threat actors had broken into some of its networks and stolen personal information and corporate data.

A small number of systems used for internal financial reporting and related data storage by Constellation’s operating groups and companies were affected by “the Incident,” the company said.

“This incident had no effect on the separate IT systems used by Constellation’s operating groups and businesses.” Constellation further noted that the attack had been stopped and that it had fully restored the IT infrastructure systems that had been compromised.

Business associates and people whose data was compromised are also being contacted to provide them with more information.

The Incident affected a small number of people’s private data. The company further said, “A small amount of data belonging to business partners of Constellation businesses was also impacted.”

Constellation Software has six divisions that it uses to buy, manage, and grow software companies; these divisions are Volaris, Harris, Jonas, Vela Software, Perseus Group, and Topicus.

The Canadian firm’s consolidated revenues surpass $4 billion, and its more than 25,000 workers span North America, Europe, Australia, South America, and Africa.

Constellation has bought over 500 software firms since 1995 and now serves over 125,000 customers in over 100 countries. The ALPHV ransomware group has taken credit for the attack. The ALPHV ransomware gang (aka BlackCat) added a new entry to its data leak site, claiming that they breached the company’s network and stole more than 1 TB worth of files.

At the same time, Constellation has yet to provide information on who was behind the attack or how the threat actors gained access to its network. The ransomware group further threatens to release the stolen data if the organization does not comply with the ransom demand.

We’ve spent a lot of time on your network and thinking about your company. We have successfully stolen over one terabyte of your private information. “We will be forced to release all of your data to the public if you ignore or reject the deal,” the group said.

ALPHV has already posted certain documents online containing business information as evidence that they gained access to and exfiltrated files from Constellation’s network.

The DarkSide/BlackMatter cybercrime syndicate is suspected of launching this November 2021 ransomware campaign under a new name. After attacking the Colonial Pipeline as DarkSide, it caught the attention of law police around the world.

when rebranding in July 2021 as BlackMatter, the company was shut down again in November when the servers were seized and Emsisoft developed a decryptor by taking advantage of a vulnerability in the ransomware.

The ALPHV group is currently recognized as one of the major ransomware threats posing a threat to corporations all over the world.

The FBI issued a warning about ALPHV in April, saying that they have “extensive networks and experience with ransomware operations” after the group successfully hacked over 60 companies throughout the world between November 2021 and March 2022.


Canadian software company hacked this week. On Wednesday, Toronto-based Constellation Software Inc. revealed a cyber-security incident affecting a few IT infrastructure systems. It reported a minimal breach of personal data. Constellation business partners’ limited data was affected. Constellation’s operating groups and companies directly engage such persons and business partners.” British Columbia Emsisoft threat analyst Brett Callow tweeted that the AlphV ransomware gang attacked Constellation. The letter says we’ve been on your network for a while and can assess your business. We stole 1TB. We will reveal your data if you reject the arrangement.

Constellation Software buys and builds software firms. It claims over 25,000 employees and US$4 billion in consolidated revenues. Volaris Group, Harris Computer, Jonas Software, Perseus Group, and Topicus Group operate over 170 software companies in 40 vertical markets. Constellation said the intrusion affected a few internal financial reporting and data storage systems for its operating divisions and businesses. Constellation’s independent IT systems were unaffected. Constellation said the event did not affect its commercial operations. Constellation immediately hired cyber-security professionals to control the attack and perform a forensic investigation. “The incident was contained, and impacted systems have been restored,” it reads.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x