Schneider Electric hit with Cactus ransomware attack
Written by Stuart Crowley Thu 1 Feb 2024
Schneider Electric has become the latest victim of a ransomware attack, leading to the theft of substantial corporate data.
First reported by BleepingComputer, the attack claimed by the Cactus ransomware group occurred on January 17th. It primarily affected the company’s Sustainability Business division.
Impact and Extortion Threats
The cyberattack disrupted operations of Schneider Electric’s Resource Advisor cloud platform, causing ongoing outages.
The attackers have reportedly stolen terabytes of data and are now threatening to release this sensitive information unless a ransom is paid.
The exact nature of the stolen data remains unclear, but the division is known for providing consultancy on renewable energy solutions and climate regulatory compliance to global enterprises.
Schneider Electric’s Sustainability Business has customers including Allegiant Travel Company, Clorox (which faced its own cyberattack), DHL, PepsiCo, and Walmart.
The company has yet to disclose whether it intends to meet the ransom demands.
Schneider Electric Responds to Ransomware Attack
In response to the attack, Schneider Electric said: “On January 17th, 2024, a ransomware incident affected our Sustainability Business division. The attack has impacted Resource Advisor and other division specific systems.”
The company has mobilised its Global Incident Response team to contain the incident and is working on restoring the affected systems.
“From a recovery standpoint, Sustainability Business is performing remediation steps to ensure that business platforms will be restored to a secure environment,” said the statement.
Schneider Electric tested the operational capabilities of impacted systems, with the expectation that access will resume in the next two business days.
The company gave assurances that the attack is confined to the Sustainability Business division due to its autonomous network infrastructure, preventing wider impact across the Schneider Electric group.
“From an impact assessment standpoint, the on-going investigation shows that data have been accessed,” added Schneider Electric.
Schneider Electric will continue the dialogue directly with its impacted customers, providing information and assistance when more details come to light.
A detailed forensic analysis of the ransomware attack is taking place with cybersecurity firms. The Schneider Electric Global Incident Response team is also taking additional actions based on its outcomes, working with relevant authorities.
Daniel Lattimer, Area VP at Semperis, commented on the significance of the attack, speculating that it was strategically timed close to Schneider Electric’s annual financial results announcement.
“The reported ransomware attack on Schneider Electric is a deliberate and calculated attack on the company’s Sustainability Business Division,” said Lattimer.
Lattimer emphasised the broader implications of attacking critical infrastructure providers and the importance of organisational preparedness against ransomware threats.
“Overall, any attack on critical infrastructure providers is significant and, as names of some of the company’s customers in its Sustainability Business surface, the threat actors knew exactly what they were attacking and the ramifications of their actions could be significant,” added Lattimer.
With 150,000 global employees, the attack surface is significant.
“This ransomware attack is another reminder that even giant, global organisations with world class security pros and incident responders on staff, can still be victimised. And deliberate, motivated, and persistent threat actors will eventually find a gap in the digital footprint of any company,” said Lattimer.
Lattimer praised Schneider Electric’s efforts to mitigate the business disruptions caused by the attack.
“The good news is that Schneider Electric is working diligently to eliminate the remaining business disruptions this ransomware attack caused and hopefully they will be operating fully in the coming days,” said Lattimer.
He stressed the need for organisations to bolster their operational resiliency and cybersecurity measures to deter future attacks.
“Overall, it is essential for organisations to know that they will all likely be targeted at some point in the next six-to-twelve months by ransomware gangs. It is a harsh reality today for all organisations and government agencies,” warned Lattimer.
Companies can improve their operational resiliency by knowing what their critical systems are. By preparing in peacetime, defenders can make their organisations sufficiently difficult to compromise that hackers will look for softer targets.