Update 20/02/2024 – The Cactus hackers claim to have stolen 1.5TB of data. As proof, they leaked 25MB of the data on the dark web. They also published snapshots of US citizens’ passports and scans of documents with a non-disclosure agreement.
Original – French multinational Schneider Electric has fallen victim to a ransomware attack, reportedly obtaining terabytes of company data.
BleepingComputer has obtained details about the attack, and Schneider Electric also confirmed the attack. The cybercriminals are threatening to publicly share Schneider Electric’s stolen data if a ransom is not paid. It is not known exactly what data the hackers captured.
Only the Sustainability Business department has been affected by the Cactus ransomware group. This department provides consulting services to large companies to guide them in using renewable energy and complying with regulations related to climate. According to BleepingComputer, the stolen sensitive information could potentially relate to energy consumption, industrial control systems and regulatory compliance by Schneider Electric customers.
In a statement, Schneider Electric stressed that the attack did not impact other parts of the company. “From a recovery standpoint, Sustainability Business is performing remediation steps to ensure that business platforms will be restored to a secure environment. Teams are currently testing the operational capabilities of impacted systems with the expectation that access will resume in the next two business days,” the company said.
Schneider Electric’s investigation also shows that there was actual unauthorized access to the data. “As more information becomes available, the Sustainability Business division of Schneider Electric will continue the dialogue directly with its impacted customers and will continue to provide information and assistance as relevant,” the French multinational assures.