Tue | Jan 30, 2024 | 3:42 PM PST

Energy management giant Schneider Electric was recently hit by a ransomware attack targeting its Sustainability Business division. The attack has disrupted business systems and caused the theft of terabytes of corporate data, which the hackers now threaten to leak publicly if extortion demands are not met.

According to Bleeping Computer, the attack has been attributed to the notorious Cactus ransomware group. However, it is worth noting that Schneider Electric has not yet been included on the group's leak website, which operates on the Tor network.

Cactus has recently targeted numerous critical organizations around the globe. Cybersecurity experts describe them as a sophisticated group that carefully conducts reconnaissance before breaching networks, stealing valuable data, encrypting files, and leaving ransom notes demanding large sums in Bitcoin.

In Schneider Electric's case, Cactus infiltrated the company's internal network and moved laterally across it undetected before triggering the ransomware payload. Teams are still working to restore the affected business platforms and estimate that remediation will take another two days.

While the company stated it managed to isolate the attack on the Sustainability Business division using network segmentation, hackers still made off with troves of sensitive customer data tied to energy usage, efficiency controls, and regulatory information. As seen in past incidents, failure to meet the undisclosed ransom likely results in that data getting leaked or sold to other criminal groups.

"This Cactus ransomware attack on Schneider Electric joins the recent uptick of critical national infrastructure (CNI) attacks," said Darren Williams, CEO and Founder of cybersecurity firm BlackFog. "In particular, the energy sector is a prime target due to its potentially lucrative rewards, if successful, and the maximum chaos caused by its widespread public reach. Naturally, with high-profile customers including Hilton and PepsiCo, Schneider Electric fits the bill."

The Schneider Electric incident adds to already escalating threats against critical infrastructure providers around supply chain disruption, economic instability, and foreign espionage. "The U.K.'s NCSC recently warned of exponential threat increases towards CNI in its annual review, particularly as global tensions are on the rise," noted Williams. "Preventative measures like anti-data exfiltration are the safest option for CNI companies to defend against nasty attacks like these."

For Schneider Electric, restoring operations is only the first step as difficult conversations around legal obligations, preventative security investments, and potential liability lie ahead.
