Dive Brief:
- Schneider Electric restored operations at its sustainability business division as of Jan. 31 following a ransomware attack, the company said in an update posted last Friday.
- The firm disclosed the Jan. 17 attack in a Jan. 29 blog post and warned about the pause in operations. Cactus ransomware previously claimed credit for the incident.
- The company confirmed attackers exfiltrated data and said it would reach out directly to affected customers.
Dive Insight:
The full extent of the January attack is still part of a forensic investigation, which will help the company understand the type of data that was accessed and the number of customers impacted.
Schneider Electric said the attack impacted its EcoStruxure Resources Advisor platform, which has more than 2,000 customers globally. The company said the sustainability business division is an autonomous unit operating in an isolated network structure.
Schneider Electric did not provide any specifics about the type or volume of data that was exfiltrated. Cactus ransomware claimed credit for the attack and threatened to release stolen data if demands were not met, according to BleepingComputer.
Cactus ransomware emerged last March and has become very active in recent months.
“We observed increased activity by Cactus in Q4,” Laurie Iacono, associate managing director, cyber risk at Kroll, said via email. “In the cases we observed, tactics, techniques and procedures were very similar to the first cases we reported on in March, leveraging VPN for initial access.”