Incident Awareness – Schneider Electric Confirms Ransomware Incident

Schneider Electric confirmed it fell victim to a ransomware attack on January 17 in its Sustainability Business division. The Cactus ransomware group has claimed responsibility. The attack resulted in theft of corporate data and disrupted some of the company’s Resource Advisor cloud platform. Schneider has assured the public that “no other entity within the Schneider Electric group has been affected” and “teams are currently testing the operational capabilities of impacted systems with the expectation that access will resume in the next two business days.” It’s still not clear what type of data was stolen, however it is likely to contain sensitive information about industrial control and automation systems as well as customers’ power utilization. Schneider Electric was reportedly impacted in the widespread MOVEit data theft attacks by the Cl0p ransomware group that impacted over 2,700 companies. The Cactus gang has made headlines since March 2023 and has since built a reputation for leaking corporate data if a ransom is not paid. For more information, access bleeping computer, or Industrial Cyber.