Schneider Electric Losses System to Cactus Ransomware

Schneider Electric, a prominent energy management and automation company, fell victim to a Cactus ransomware attack, resulting in the unauthorized access and theft of corporate data, as reported by sources familiar with the incident.

As per reports, the ransomware attack targeted Schneider Electric’s Sustainability Business division on January 17th, disrupting portions of the Resource Advisor cloud platform, which continues to experience disruptions. The ransomware group responsible for the attack exfiltrated terabytes of corporate data and is currently demanding a ransom, threatening to release the stolen information if the firm fails to comply.

The nature of the stolen data remains undisclosed, but the Sustainability Business division offers consulting services to enterprises, providing advice on renewable energy solutions and assisting in navigating complex climate regulatory requirements globally. Schneider Electric’s Sustainability Business division serves clients such as Allegiant Travel Company, Clorox, DHL, DuPont, Hilton, Lexmark, PepsiCo, and Walmart.

Potentially sensitive information within the stolen data could encompass details about customers’ power consumption, industrial control and automation systems, and compliance with environmental and energy regulations.

While it remains uncertain whether the firm intends to fulfill the ransom demand, failure to comply may result in the ransomware group releasing the pilfered data, following a pattern observed in previous incidents.

Schneider Electric Confirms Cyberattack

The company confirmed the cyberattack on its Sustainability Business division, acknowledging unauthorized access by threat actors. The company clarified that the impact stayed within this specific division and did not extend to other parts of the organization.

Schneider Electric, a French multinational company with a revenue of $28.5 billion for the first nine months of 2023 and a global workforce of over 150,000, manufactures a wide range of energy and automation products. Notably, Schneider Electric will release its full-year financial results for 2023 next month.

The company has previously faced cybersecurity challenges, including being targeted in the MOVEit data theft attacks orchestrated by the Clop ransomware gang, impacting over 2,700 companies.