Schneider Electric hit with Cactus ransomware attack

Written by Thu 1 Feb 2024

Schneider Electric has become the latest victim of a ransomware attack, leading to the theft of substantial corporate data.

First reported by BleepingComputer, the attack claimed by the Cactus ransomware group occurred on January 17th. It primarily affected the company’s Sustainability Business division.

Impact and Extortion Threats

The cyberattack disrupted operations of Schneider Electric’s Resource Advisor cloud platform, causing ongoing outages.

The attackers have reportedly stolen terabytes of data and are now threatening to release this sensitive information unless a ransom is paid.

The exact nature of the stolen data remains unclear, but the division is known for providing consultancy on renewable energy solutions and climate regulatory compliance to global enterprises.

Schneider Electric’s Sustainability Business has customers including Allegiant Travel Company, Clorox (which faced its own cyberattack), DHL, PepsiCo, and Walmart.

The company has yet to disclose whether it intends to meet the ransom demands.

Schneider Electric Responds to Ransomware Attack

In response to the attack, Schneider Electric said: “On January 17th, 2024, a ransomware incident affected our Sustainability Business division. The attack has impacted Resource Advisor and other division specific systems.”

The company has mobilised its Global Incident Response team to contain the incident and is working on restoring the affected systems.

“From a recovery standpoint, Sustainability Business is performing remediation steps to ensure that business platforms will be restored to a secure environment,” said the statement.

Schneider Electric tested the operational capabilities of impacted systems, with the expectation that access will resume in the next two business days.

The company gave assurances that the attack is confined to the Sustainability Business division due to its autonomous network infrastructure, preventing wider impact across the Schneider Electric group.

“From an impact assessment standpoint, the on-going investigation shows that data have been accessed,” added Schneider Electric.

Schneider Electric will continue the dialogue directly with its impacted customers, providing information and assistance when more details come to light.

A detailed forensic analysis of the ransomware attack is taking place with cybersecurity firms. The Schneider Electric Global Incident Response team is also taking additional actions based on its outcomes, working with relevant authorities.

Expert Commentary

Daniel Lattimer, Area VP at Semperis, commented on the significance of the attack, speculating that it was strategically timed close to Schneider Electric’s annual financial results announcement.

“The reported ransomware attack on Schneider Electric is a deliberate and calculated attack on the company’s Sustainability Business Division,” said Lattimer.

Lattimer emphasised the broader implications of attacking critical infrastructure providers and the importance of organisational preparedness against ransomware threats.

“Overall, any attack on critical infrastructure providers is significant and, as names of some of the company’s customers in its Sustainability Business surface, the threat actors knew exactly what they were attacking and the ramifications of their actions could be significant,” added Lattimer.

With 150,000 global employees, the attack surface is significant.

“This ransomware attack is another reminder that even giant, global organisations with world class security pros and incident responders on staff, can still be victimised. And deliberate, motivated, and persistent threat actors will eventually find a gap in the digital footprint of any company,” said Lattimer.

Lattimer praised Schneider Electric’s efforts to mitigate the business disruptions caused by the attack.

“The good news is that Schneider Electric is working diligently to eliminate the remaining business disruptions this ransomware attack caused and hopefully they will be operating fully in the coming days,” said Lattimer.

He stressed the need for organisations to bolster their operational resiliency and cybersecurity measures to deter future attacks.

“Overall, it is essential for organisations to know that they will all likely be targeted at some point in the next six-to-twelve months by ransomware gangs. It is a harsh reality today for all organisations and government agencies,” warned Lattimer.

Companies can improve their operational resiliency by knowing what their critical systems are. By preparing in peacetime, defenders can make their organisations sufficiently difficult to compromise that hackers will look for softer targets.
