Ransomware Group Targets Apache OpenOffice with False Data Breach Claims

[johny899]

Lately, a hacker group by the name of the Akira ransomware gang claimed to take control of Apache OpenOffice and steal 23 GB of information, stating the stolen data included employee details, ID cards, credit cards, and financial reports. The group even posted about it on their dark web site, saying, "We’ll upload all these corporate files soon."

So, that is unsettling, right? Now, here’s the kicker.

Apache OpenOffice Denies it​

The Apache Software Foundation (ASF), which oversees the OpenOffice project, says they have no evidence of actually being hacked. They also stated:

• They did not have any kind of ransom note from the hackers.
• OpenOffice is an open-source volunteer project—not a company with any employees or financial accounts.
• Therefore, ASF said they do not even have the type of private data the hackers said they did.
• They have seen no signs of any breach in their system at all.

In short, ASF thinks the hackers either targeted the wrong organization or made the claims for attention.

Importance of the Subject​

I have used OpenOffice myself, so this story caught my eye. You might be thinking I should be concerned.

Here is why it matters anyway:

Trust in open-source tools: When hackers say a popular application got hacked, the public loses trust in the application even if it is untrue.

Possible bluff: Some ransomware groups merely bluff about hacking a popular application to scare the parties to whom they are sending the ransom note.

Open projects are different: OpenOffice does not have employees or hidden databases, like a company does, so it would not be easy to hack and steal the information the hackers claim the hack stole.

Recommended User Steps​

If you are a user of OpenOffice, there is no cause for immediate concern. You will want to observe what happens when the Apache team provides official updates, but in the meantime, there are a couple of commonsense points to keep in mind:

• Only download from the official OpenOffice website.
• Don’t click on links or download from unverified sources.

Final Thoughts​

As it stands now, I think it is possible that this "breach" is not real or, at the very least, there has been some errors around the claims. However, this highlights the very real issue that even open-source platforms can be not only targeted for sub-par hacks, but also legitimately targeted for real hack action either way I watch the situation to see if anything real comes out of this - for now, OpenOffice users can breathe easy.