Schneider Electric [1] [2] [3] [4] [5], a multinational company specializing in energy management and digital transformation [2] [3], recently experienced a ransomware attack on its Sustainability Business division [1] [2] [3]. This attack resulted in the encryption of the division’s systems and the theft of data [4]. The Russian ransomware group Cactus claimed responsibility for the attack.

Description

Schneider Electric’s Sustainability Business division [2] [4] [5], which offers energy management and digital automation products [4], was targeted by the Cactus ransomware group [4]. The attack led to the encryption of the division’s systems and the theft of data. Although Schneider Electric’s name was not found on the Cactus group’s dark web leak page, the group has claimed responsibility for the attack. Fortunately, the attack did not impact any other divisions within Schneider Electric. The company is currently working on remediation steps to securely restore its business systems and expects to resume operations once the process is complete.

Schneider Electric has already informed affected customers, including major brands such as Hilton [5], PepsiCo [5], and Walmart [5]. The extent of the data breach is still unknown [4], but Schneider Electric’s incident response teams and cybersecurity specialists are actively investigating the incident [4]. This attack comes less than a year after the company was targeted in the Clop ransomware group’s mass hack attack [4].

In addition to its products and services, Schneider Electric also provides cybersecurity services to help clients protect their operational technologies [4].

The Cactus ransomware group [2] [4] [5], active since March 2023 [2] [3], is known for utilizing encryption to protect its ransomware binary [2]. The group also employs various legitimate tools for remote access and post-exploitation activities [2]. Furthermore, it uses a batch script to uninstall popular antivirus solutions on infected machines [2]. It’s worth noting that the Cactus ransomware group previously claimed responsibility for hacking Coop [2], a major retail and grocery provider in Sweden [2].

Schneider Electric is collaborating with cybersecurity firms to investigate the incident and restore the affected systems. The Cactus group has been targeting major companies since March 2023 [3], gaining initial access through VPN devices. In November [3], the group launched a campaign exploiting vulnerabilities in Qlik Sense.

Conclusion

The ransomware attack on Schneider Electric’s Sustainability Business division has had significant impacts, including the encryption of systems and data theft [4]. The company is actively working on remediation steps to restore its business systems securely [1]. Schneider Electric has informed affected customers and is collaborating with cybersecurity firms to investigate the incident [2]. This attack highlights the importance of robust cybersecurity measures and the need for ongoing vigilance in protecting operational technologies.

References

[1] https://www.scmagazine.com/news/ransomware-attack-claims-schneider-electrics-sustainability-division
[2] https://securityaffairs.com/158320/data-breach/schneider-electric-cactus-ransomware-attack.html
[3] https://www.cybersecuritydive.com/news/schneider-electric-ransomware-sustainability/706006/
[4] https://www.bankinfosecurity.com/ransomware-attack-hits-schneider-electric-sustainability-unit-a-24221
[5] https://www.infosecurity-magazine.com/news/schneider-electric-data-ransomware/