Schneider Electric has revealed that it suffered a major ransomware attack that resulted in the disruption of certain services and the theft of confidential data.
On January 17, the company’s Sustainability Business division was reportedly targeted by a threat actor deploying the Cactus ransomware variant.
The encryptor disrupted the company’s Resource Advisor cloud platform, which is reportedly still down as of press time.
Terabytes stolen
Cactus is a known threat actor that was first noticed in May 2023, when researchers discovered a ransomware variant that evades detection by encrypting itself. What also makes Cactus interesting is that it has multiple encryption modes, including a fast mode. If the operators decide to run both modes consecutively, the files are encrypted twice and given two file extensions.
The attackers have stolen “terabytes of corporate data,” which they are now threatening to release unless a ransom is paid, reports claim.
We don’t know how much money the hackers are asking for, or what the data is, or who it belongs to, but this division apparently serves companies like DHL, Hilton, PepsiCo, and Walmart and offers consulting on renewable energy, sustainability regulations, and more.
“From a recovery perspective, Sustainability Business is implementing recovery steps to ensure that business platforms are restored to a secure environment. Teams are currently testing the operational capabilities of affected systems with the expectation that access will resume within the next two business days,” the company told BleepingComputer.
“From a containment perspective, no other entity within the Schneider Electric group is affected, as Sustainability Business is an autonomous entity operating its isolated network infrastructure.”
Via BleepingComputer