Schneider Electric targeted by Cactus ransomware gang

Energy management and automation vendor Schneider Electric became the target of a Cactus ransomware attack. This cyberattack occurred on January 17th and impacted the company's Sustainability Business division, leading to significant data theft.

Terabytes of corporate data were stolen during the incident, and the attackers are now threatening to release this information unless a ransom is paid.

Update - The Cactus ransomware gang claims they stole 1.5TB

The Sustainability Business division of Schneider Electric provides consulting services for enterprise organizations, focusing on renewable energy solutions and assisting with complex climate regulatory compliance worldwide. The division's clientele includes major corporations like Allegiant Travel Company, Clorox, DHL, DuPont, Hilton, Lexmark, PepsiCo, and Walmart. The stolen data could potentially include sensitive details about these customers' power utilization, industrial control and automation systems, as well as compliance with environmental and energy regulations.

Following the attack, there were disruptions to Schneider Electric's Resource Advisor cloud platform, which continues to experience outages. The company confirmed the cyberattack and data access by threat actors.

Schneider Electric emphasized that the attack was confined to the Sustainability Business division and had no impact on other company segments. The division operates on an isolated network infrastructure, ensuring that no other Schneider Electric entity was affected. They are taking steps to restore its business platforms to a secure environment and is conducting operational tests on the impacted systems.

Schneider Electric claims that the investigation into this incident is ongoing and has not provided other information. The company will continue communicating directly with impacted customers and providing assistance as needed.