The JCI ransomware attack forced the firm to shut down large portions of its IT infrastructure, which affected customer-facing systems.
MILWAUKEE — Alarm and building automation giant Johnson Controls confirmed in its quarterly filing with the Securities and Exchange Commission that the company lost $27 million in expenses and corporate data in the ransomware attack in which it was victimized in September.
Johnson Controls’ data breach started in its Asia offices, before the attackers increased the breach across the company’s global network, according to a BleepingComputer report. The attack “forced the firm to shut down large portions of its IT infrastructure, which affected customer-facing systems,” the report says.
“The cybersecurity incident consisted of unauthorized access, data exfiltration, and deployment of ransomware by a third party to a portion of the Company’s internal IT infrastructure,” Johnson Controls wrote in its SEC filing Monday, Jan. 30.
“The impact on net income for the three months ended December 31, 2023, of lost and deferred revenues, net of revenues deferred at the end of fiscal 2023 and recognized in the first quarter of fiscal 2024, and expenses during the quarter was approximately $27 million,” the SEC filing says. “These impacts were primarily attributable to expenses associated with the response to, and remediation of, the incident, and are net of insurance recoveries.”
Inside the Johnson Controls Ransomware Attack
The Dark Angels ransomware gang was behind the attack and claimed to have stolen more than 27 terrabytes of confidential data from Johnson Controls. The threat actors then demanded a $51 million ransom to delete the data and provide a file decryptor, according to the BleepingComputer report.
Dark Angels is a ransomware gang launched in May 2022 using encryptors based on the leaked source code of the now-defunct Babuk and Ragnar Locker operations, the report says.
A Johnson Controls spokesperson had no additional comment to SSI on the extent or scope of the data breach beyond its most recent SEC filing.
Johnson Controls hired “external cybersecurity experts” to recover from the “cybersecurity incident,” and worked with its insurers to recover from the ransomware incident, according to a previous SEC filing filed shortly after the breach.
The company confirmed it was a ransomware incident in its SEC filing yesterday.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!