Malware takes Wolters Kluwer CCH cloud accounting service offline

Malware takes Wolters Kluwer CCH cloud accounting service offline

Wolters Kluwer, the company behind cloud accounting software CCH, has confirmed that its service was knocked offline after malware was discovered on its systems.

Part of the statement reads:

On Monday, May 6, we started seeing technical anomalies in a number of our platforms and applications. We immediately started investigating and discovered the installation of malware. As a precaution, in parallel, we decided to take a broader range of platforms and applications offline. With this action, we aimed to quickly limit the impact this malware could have had, giving us the opportunity to investigate the issue with assistance from third-party forensics consultants and work on a solution. Unfortunately, this impacted our communication channels and limited our ability to share updates.

Sign up to our free newsletter.
Security news, advice, and tips.

Precisely what malware was discovered on Wolters Kulwer’s network, and whether it was – for instance – file-encrypting ransomware or designed to allow hackers to steal information has not been disclosed.

That’s a detail which many users of CCH will be keen to discover, as it will help them assess the likelihood of whether other sensitive information may have been exposed as a result of the security breach, although Wolters Kluwer does say that it does not believe that any customer or corporate data was stolen.

There will also no doubt be tough questions asked regarding whether Wolters Kluwer has been as transparent as possible in communicating promptly with its professional accountancy customers about why CCH was inaccessible.


In the absence of initial details, a thread sprang up on Reddit, with frustrated CCH users posting about their experiences and sharing theories of what might be going on.

Although it’s unclear if it’s connected or not, one Reddit user reported that two workers at their firm had received phishing emails yesterday purporting to come from a Wolters Kluwer employee called “Tammy”.

To add to Wolters Kluwer’s headaches, security blogger Brian Krebs reports that last Friday he informed the CCH security team that publicly-accessible file directories containing new versions of the company’s software were “open and writable by any anonymous user, and that there were suspicious files in those directories indicating some user(s) abused that access.”

This, no doubt, was the nudge that resulted in the malware being discovered.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.