Schneider Electric Ransomware attack – Jan 2024

This content has been archived, but it remains true and relevant to the underlying technology products or infrastructure services.

French conglomerate Schneider Electric has reported a ransomware attack on one of its divisions in January 2024.

We look at the details of this ransomware incident below.

Salient points

  • The ransomware attack on Schneider Electric targeted the Sustainability Business division and impacted the Resource Advisor.
  • The attack was first detected on 17 January 2024.
  • Schneider Electric released a press statement on 29 January to acknowledge the attack.
  • This ransomware attack was carried out by the Cactus ransomware group. As of writing this, the Cactus ransomware group has not yet listed Schneider Electric on their leak website.
  • As of writing this, Schneider Electric’s Sustainability Business Division’s operations are impacted. The company is striving to restore operations to normalcy.
  • The Sustainability Business Division has informed the impacted customers about the incident.
  • A full-fledged forensic audit is being carried out with the help of cyber-security consultants to gauge the cause and impact of this ransomware attack.
  • Data theft has been reported by Schneider Electric. The extent and scale of data theft is unconfirmed. There is no clarity about the potential compromise of sensitive customer data. More details are awaited about the exact data compromise or theft.
  • No other entity within the Schneider Electric group has been affected by this ransomware incident.
  • The corporate website of Schneider Electric is working fine.
  • Schneider Electric’s shares are part of the CAC40 index in France. The share price dipped on 29 January, breaching the €181 level. However, it staged a recovery over the next 2 days and is currently trading upwards of €184 on the French bourses.

Cause of the ransomware incident

As of writing this, details about the cause of the ransomware incident are unknown. It is yet to be confirmed whether the Cactus ransomware group used an existing vulnerability within the infrastructure to target Schneider Electric, or whether a phishing attack was used to gain entry into the network of Schneider Electric’s Sustainability Business Division.

About Cactus ransomware

The Cactus ransomware group is a threat actor that burst onto the scene in March 2023.

Cactus gains initial access to target networks by exploiting known vulnerabilities in various systems. It employs multiple remote access methods for carrying out its attacks. The group’s ransomware encrypts itself to protect the ransomware binary, making it harder to detect and granting the malware the ability to evade antivirus and network security solutions.

After stealing the data and gaining administrative privileges on the network, the threat actors encrypt files and conduct double-extortion attacks, demanding a ransom to receive both a file decryptor and a promise to destroy and not leak the stolen data. If the ransom is not paid, the threat actors will leak the stolen data on a data leak site. 

Over 51 percent of Cactus’s targets are from the United States. The United Kingdom and Canada are the next two countries on the list of countries targeted by Cactus ransomware.

Most of Cactus’s ransomware victims are high-profile companies.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.