Schneider Electric confirms it was hit by ransomware attack

30 Jan 2024

Image: © Ricochet64/Stock.adobe.com

The company said its sustainability division was attacked and there are reports that the Cactus ransomware brand was behind the latest incident.

Global energy services company Schneider Electric has suffered a disruption to its systems after being hit by a ransomware attack.

The company said the attack was limited to its sustainability business division and that it disrupted the division’s resource advisor service and “other division specific systems”. Schneider Electric said its incident response team was “immediately mobilised” to contain the incident and to reinforce existing security measures.

The company said the incident had no impact on any other entity of Schneider Electric and that impacted customers have been informed.

“From an impact assessment standpoint, the ongoing investigation shows that data have been accessed,” the company said in a statement. “As more information becomes available, the sustainability business division of Schneider Electric will continue the dialogue directly with its impacted customers and will continue to provide information and assistance as relevant.”

The French multinational has offices in Ireland and was worth €34bn in July 2023, according to a Bloomberg report. BleepingComputer reports that the attack occurred on 17 January and that Cactus ransomware is behind the attack.

Stephen Robinson, a senior threat intelligence analyst at WithSecure, said Cactus is a “multipoint extortion group” who first appeared in March 2023, but noted that Schneider Electric has not confirmed if Cactus was responsible for the attack.

Robinson also noted that energy companies hold huge amounts of personal identifiable data which has value on the dark web and is “excellent leverage for cyberattackers when demanding a ransom”.

“The energy sector is a popular target for ransomware due to playing a vital role in society’s daily functioning – disruption can have far-reaching consequences,” Robinson said. “Schneider Electric themselves were victims of [the] Moveit ransomware campaign in 2023, so it is concerning to see them compromised again so soon.”

In June 2023, it emerged that several US state agencies, banks and universities were also victims of the massive Moveit hack, which also affected many organisations across Ireland and the UK.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com