The Cactus ransomware gang claims to have breached Schneider Electric’s network and stolen 1.5TB of data from the energy management and automation giant.
The ransomware group, which first infiltrated Schneider Electric’s Sustainability Business division on January 17th, has now escalated its attack by leaking 25MB of allegedly stolen data on the dark web. Among the leaked information are snapshots featuring the passports of American citizens and scans of non-disclosure agreement documents, serving as evidence of the threat actor’s claims.
As reported by BleepingComputer, the Cactus ransomware gang is currently extorting Schneider Electric, demanding a ransom payment in exchange for not releasing the entirety of the stolen data. The nature of the compromised information remains unclear, but Schneider Electric’s Sustainability Business division offers renewable energy and regulatory compliance consulting services to major global corporations such as Allegiant Travel Company, Clorox, DHL, DuPont, Hilton, Lexmark, PepsiCo, and Walmart.
The stolen data is potentially sensitive: it could include information related to customers’ industrial control and automation systems, as well as details regarding environmental and energy regulation compliance.
Schneider Electric, a French multinational in the energy and automation manufacturing sector with over 150,000 employees worldwide, reported revenue of $28.5 billion in 2023. This is not the first time the company has faced a cybersecurity threat: it previously fell victim to Clop ransomware’s MOVEit data theft attacks, which impacted over 2,700 other organizations.
The Cactus ransomware operation, which surfaced in March 2023, employs double-extortion attacks to maximize its impact. Using various methods such as purchased credentials, partnerships with malware distributors, phishing attacks, and exploiting security vulnerabilities, the operators gain unauthorized access to corporate networks. Once inside, they navigate through the compromised systems, stealing sensitive data to leverage in ransom negotiations.
This incident highlights the growing threat landscape facing major corporations, emphasizing the need for robust cybersecurity measures to safeguard against ransomware attacks.