Schneider Electric has revealed it suffered a major ransomware attack that resulted in the disruption of certain services and the theft of confidential data.
On January 17, the company’s Sustainability Business division was targeted by a threat actor deploying the Cactus ransomware variant, it was said.
The encryptor disrupted the company’s Resource Advisor cloud platform, which is allegedly still not working as we go to press.
Cactus is a known threat actor that was first spotted in May 2023, when researchers discovered a ransomware variant that evades detection by encrypting itself. What also makes Cactus interesting is that it has multiple modes of encryption, including a quick mode. If the operators decide to run both modes one after the other, the files will be encrypted twice and will get two file extensions.
The attackers stole “terabytes of corporate data”, which they’re now threatening to release, unless a ransom payment is met, reports have claimed.
We don’t know how much money the hackers are asking for, or actually what the data is, or whose it is, but this division apparently services companies such as DHL, Hilton, PepsiCo, and Walmart, offering consulting on renewable energy, sustainability regulations, and more.
“From a recovery standpoint, Sustainability Business is performing remediation steps to ensure that business platforms will be restored to a secure environment. Teams are currently testing the operational capabilities of impacted systems with the expectation that access will resume in the next two business days,” the company told BleepingComputer.
“From a containment standpoint, as Sustainability Business is an autonomous entity operating its isolated network infrastructure, no other entity within the Schneider Electric group has been affected.”