Schneider Electric hit by ransom gang

A ransomware attack has struck energy giant Schneider Electric’s Sustainability Business division, hampering access to business platforms and its operations, the company announced.

The ransomware incident was limited and affected Resource Advisor and other division-specific systems on January 17th. The Sustainability Business division has informed impacted customers.

“Access to business platforms and operations will resume in the next two business days,” Schneider Electric announced on January 29th.

The platform's website, which was unavailable after the attack, is now back online. The company insists there was no impact on any other Schneider Electric entity: the incident was contained, as Sustainability Business is an autonomous entity operating within its own isolated network infrastructure.

“Schneider Electric Global Incident Response team has been immediately mobilized to respond to the attack, contain the incident, and to reinforce existing security measures,” the firm said.

Fallout from the incident will be assessed after the conclusion of an investigation, which has already found that some data was accessed. The division “will continue the dialogue directly with its impacted customers and will continue to provide information and assistance as relevant.”

Schneider Electric says it is working with relevant authorities and has engaged top cybersecurity firms to address the problem.

The firm is a French multinational company on the Fortune Global 500 list, with a market capitalization of €105 billion. It specializes in energy technologies, automation, and software.

Some people familiar with the matter attributed the cyberattack to the Cactus ransomware group, Bleeping Computer reported.

A few weeks ago, the same gang said it had released data belonging to 167,000 people connected to Swedish grocery chain Coop.

Cactus was first identified in March 2023. It has demonstrated a sophisticated understanding of evasion techniques, employing a dynamic approach to encryption and utilizing many tools and techniques to ensure its malicious payload is delivered effectively and covertly, according to SOCRadar.