Energy Giant Schneider Electric Hit by Cactus Ransomware Attack

Energy management and automation giant Schneider Electric recently suffered from a ransomware attack that targeted its Sustainability Business division, which provides services to enterprise organizations, advising on renewable energy solutions and helping them navigate complex climate regulatory requirements for companies worldwide. Some of the division’s customers include Allegiant Travel Company, Clorox, DHL, DuPont, Hilton, Lexmark, and Walmart. The Cactus ransomware gang has claimed responsibility for the attack, reportedly stealing terabytes of corporate data during the attack. While it is unclear exactly what data was stolen, this could include sensitive information about customers' power utilization, industrial control and automation systems, and compliance with environmental and energy regulations.

Security Officer Comments:
It’s unclear how the actors were able to gain initial access and steal data. However, in the past, Cactus ransomware has breached corporate networks via purchased credentials, phishing attacks, and the exploitation of vulnerabilities.

Schneider Electric says that it is currently conducting an investigation to determine the full scope of the attack. Based on the information gathered so far, it looks like only the Sustainability Business division was impacted, with the energy management and automation giant working towards containing the attack and restoring impacted systems.