Cactus ransom gang claims Schneider Electric


The ransomware outfit has apparently confirmed suspicions that it was behind the recent attack on the multinational company, leaking data that includes passport details and non-disclosure agreements signed by the company.

The dark web posting by the gang, dated February 20th, claims it stole 1.5TB of sensitive data from Schneider Electric.

ADVERTISEMENT

The sample data leak includes screenshotted passports of three people – most likely employees or customers of Schneider – and two confidential signed agreements.

Schneider announced on January 29th that it had been hit by a ransomware attack some two weeks previously. At the time of the report, there was speculation that the Cactus ransomware gang was responsible.

Those rumors would now appear to be confirmed – although the true extent of the leak is difficult to verify.

The attack appeared not to have caused major damage to the company’s systems – its platform was reported as being back online two days afterward.

A French multinational company on the Fortune Global 500 list, Schneider enjoys a market capitalization of €105 billion (about $113 billion). It specializes in energy technologies, automation, and software.

Cactus is tracked as having been on the cybercriminal scene since March 2023 and was also connected to last year’s attack on Swedish grocery chain Coop. The gang is said to have leaked data in that case too, potentially exposing 167,000 people.

Cybernews has reached out to Schneider for comment and will update as and when a response is received.

ADVERTISEMENT