The Cactus ransomware group claims to have stolen 1.5TB of Schneider Electric data, putting the global energy management leader on high alert. According to BleepingComputer, the attackers broke into the company’s network last month, but how they got in remains a mystery.
Details of the Breach
The Cactus ransomware gang, in a bold move, released 25MB of the stolen data on their dark web platform yesterday. This release serves as evidence of the breach and includes snapshots of American citizens’ passports and scans of non-disclosure agreements.
The target of the breach was the Sustainability Business division of Schneider Electric, with the intrusion occurring on January 17th. This division is known for its pivotal role in providing renewable energy solutions and regulatory compliance consulting to some of the world’s most recognized corporations.
Extortion Threats
As with other ransomware attacks, the Cactus ransomware group has now resorted to extorting Schneider Electric, threatening the release of the entire cache of stolen data unless their ransom demands are met.
So, what exactly did they steal? It could be sensitive data on customers’ industrial control and automation systems, as well as compliance information related to environmental and energy regulations.
Impact on Schneider Electric
Schneider Electric is grappling with the implications of this breach. With a workforce of over 150,000 and a reported revenue of $28.5 billion in 2023, the breach poses a significant threat to the company’s reputation and operational integrity.
However, this is not the first time the company has been the target of a cyberattack. It previously fell victim to the Clop ransomware gang’s MOVEit data theft campaign, which affected over 2,700 organizations.
The Cactus Ransomware Operation
Emerging in March 2023, the Cactus Ransomware Group has quickly gained notoriety for its double-extortion tactics. The group employs various methods to infiltrate corporate networks, including the use of purchased credentials, phishing schemes, and the exploitation of security vulnerabilities.
Once inside, they exfiltrate sensitive data to leverage in ransom negotiations. Since its inception, the group has targeted over 100 companies, with some already suffering data leaks or facing ongoing extortion threats.
Final Word
As companies worldwide navigate the complexities of digital security, incidents like these serve as a stark reminder of the vulnerabilities that exist out there and the need for constant vigilance.