Cactus ransomware hackers say they stole terabytes of Schneider Electric data
The group is demanding payment in exchange for 1.5TB of stolen files
The Cactus ransomware hackers have claimed responsibility for the recent cyberattack on Schneider Electric, claiming to have stolen 1.5TB of sensitive data in the heist.
The ransomware group added the energy giant to its data leak website, posted samples of the stolen data, and are demanding money in exchange for keeping the data secure.
While it is impossible to determine exactly what type of data the group stole at this point, the hackers are thought to have accessed Schneider Electric’s Sustainability Business, which provides renewable energy and regulatory compliance consulting to large corporations around the world. Some of its clients include DHL, Hilton, Lexmark, and Walmart.
Contained attack
The group also posted a 25MB sample, which includes snapshots of people’s passports, and scans of different non-disclosure agreements. The group is now asking for money in exchange for keeping the data safe, but we don’t know exactly how much money they’re asking for, or if Schneider Electric is even interested in paying.
However, the media argue the data could include sensitive information about client industrial control and automation systems which, if leaked, could turn into an even bigger problem for Schneider.
Cactus is a known threat actor that was first spotted in May 2023, when researchers discovered a ransomware variant that evades detection by encrypting itself. What also makes Cactus interesting is that it has multiple modes of encryption, including a quick mode. If the operators decide to run both modes one after the other, the files will be encrypted twice and will get two file extensions.
"From a recovery standpoint, Sustainability Business is performing remediation steps to ensure that business platforms will be restored to a secure environment,” the company said in mid-January, when the breach was first detected. “Teams are currently testing the operational capabilities of impacted systems with the expectation that access will resume in the next two business days.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“From a containment standpoint, as Sustainability Business is an autonomous entity operating its isolated network infrastructure, no other entity within the Schneider Electric group has been affected.”
Via BleepingComputer
More from TechRadar Pro
- LockBit ransomware gang shut down? Website for notorious criminal gang no longer operational
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.