Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter.
BleepingComputer has learned that the ransomware attack hit the company’s Sustainability Business division earlier on January 17th. The attack disrupted some of Schneider Electric’s Resource Advisor cloud platform, which continues to suffer outages.
The ransomware gang reportedly stole terabytes of corporate data during the cyberattack and is now extorting the company by threatening to leak the stolen data if a ransom demand is not paid.
While it is not known what type of data was stolen, the Sustainability Business division provides consulting services to enterprise organisations, advising on renewable energy solutions and helping them navigate complex climate regulatory requirements for companies worldwide. Customers of Schneider Electric’s Sustainability Business division include Allegiant Travel Company, Clorox, DHL, DuPont, Hilton, Lexmark, PepsiCo, and Walmart.
The stolen data could contain sensitive information about customers’ power utilisation, industrial control and automation systems, and compliance with environmental and energy regulations.
It is not known if Schneider Electric will be paying a ransom demand, but if one is not paid, we will likely see the ransomware gang leaking the stolen data as they have done after previous attacks.
In a statement to BleepingComputer, Schneider Electric confirmed that its Sustainability Business division suffered a cyberattack and that data was accessed by the threat actors. However, the company says the attack was restricted to this one division and did not impact other parts of the company.