The hacker group known as Cactus Ransomware has claimed responsibility for stealing 1.5 terabytes of data from Schneider Electric, a prominent player in the energy control and automation sector.
On their website, the criminals posted 25 megabytes of the stolen information, which includes scans of passports of American citizens and documents pertaining to non-disclosure agreements, posing a significant threat to the company’s reputation (TRASE).
The breach primarily impacted Schneider Electric’s sustainable development units, particularly its Sustainability Business, while other resources remained unaffected. The attack took place on January 17th of this year, and although the networks have been restored, the hackers are now demanding a ransom under the threat of releasing the stolen data.
The full extent of the data accessed by the hackers is currently unknown. However, as Sustainability Business serves major companies worldwide such as Allegiant Travel Company, Clorox, DHL, Dupont, Hilton, Lexmark, Pepsico, and Walmart, it is possible that Cactus Ransomware has gained access to information related to industrial energy infrastructure and environmental compliance.
Schneider Electric, a multinational corporation based in France with over 150,000 employees, reported a profit of $28.5 billion in 2023. The company has previously faced cyberattacks, including the Clop Master virus that impacted more than 2700 organizations.
Cactus Ransomware, a relatively new player in the cybercrime landscape that has been active since March 2023, is known for double extortion attacks, in which it steals valuable data as well as encrypting it, then demands a ransom both for decryption and for not publishing the stolen files.
The group uses various tactics to breach networks, such as purchasing compromised credentials, collaborating with malware distributors, conducting phishing attacks, or exploiting vulnerabilities. Despite its brief existence, Cactus Ransomware has already leaked data from over 100 organizations.