Fraud Management & Cybercrime , Ransomware

Ransomware Attack on Schneider Electric Sustainability Unit

Manufacturer Confirms Systems Down; Data on Energy Consumption, Emission Accessed
Ransomware Attack on Schneider Electric Sustainability Unit
A Schneider Electric facility in Houston, Texas (Image: Shutterstock)

Schneider Electric built its business on manufacturing circuit breakers and other electrical parts, but nowadays it also helps clients go green. The company collects data from more than 2,000 companies in its Resource Advisor software to track energy consumption, emissions and their overall sustainability scores.

See Also: Live Webinar | Adversary Analysis of Ransomware Trends

The company said Tuesday that a ransomware attack has locked up Resource Advisor and other corporate systems of its Schneider Electric Sustainability Business division and has accessed data. The company said it plans to resume operations two business days after remediation is complete.

Russian ransomware group Cactus claimed responsibility for encrypting the company's systems and stealing terabytes of data, according to a report by Bleeping Computer. Cactus does not appear to list Schneider on its dark web leak page.

"From an impact assessment standpoint, the ongoing investigation shows that data have been accessed," the company said. "As more information becomes available, the Sustainability Business division of Schneider Electric will continue the dialogue directly with its impacted customers and will continue to provide information and assistance as relevant."

Paris-based Schneider Electric is a global company that provides energy management and digital automation products manufactured at 25 factories. Most of its business is based in North America, and last year it reported 34 billion euros in revenues. While Schneider Electric said its sustainability division is separate from the rest of the business, which was unaffected by the breach, sustainability is one of three major lines of products and services.

Cactus ransomware group is relatively new - first observed in March 2023 - but it became a major ransomware-as-a-service operator.

The company did not say how much client data was affected by the incident or whether the group has threatened to extort its clients over their sustainability details and said its incident response teams and outside cybersecurity specialists are still investigating the incident.

Schneider Electric also helps clients protect operational technologies, by offering a range of cybersecurity services including consulting, design and implementation, monitoring, maintenance, and training services. The company said on its LinkedIn page that it serves 40% of Fortune 500 companies.

This latest hack affecting Schneider Electric comes less than a year after the company was affected by the Clop ransomware group's mass hack attack on MOVEit servers. The software supply chain hack affected nearly 3,000 organizations and the personal information of more than 77 million individuals.

About the Author

Cal Harrison

Cal Harrison

Editorial Director, ISMG

Harrison helps ISMG readers gain new perspectives on the latest cybersecurity trends, research and emerging insights. A 30-year veteran writer and editor, he has served as an award-winning print and online journalist, mass communication professor and senior digital content strategist for DXC Technology, where he led thought leadership, case studies and the Threat Intelligence Report for the Fortune 500 firm's global security, cloud and IT infrastructure practices.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.