Schneider Electric Gets Zapped By A Prickly Cactus Ransomware Attack

Power management and industrial automation company Schneider Electric (SE) was hit by a ransomware attack this month. Disclosures about the incident are now becoming available, and they indicate that while this was an isolated attack on SE, it could have repercussions for several companies whose data may have been compromised in the breach.

Yesterday, Schneider Electric posted a notice about a cybersecurity disruption that affected the Sustainability Business Division of SE. The notice's bullet points state that it was a limited attack contained to the “Sustainability Business Division” and that there was no impact on any other SE entity. Further, the attack affected access to the Resource Advisor and Sustainability Business Division-specific systems. As it stands, access to the affected platforms should return to normal within the next business day, if it hasn't been restored already.


As for specifics on the attack, BleepingComputer found that this was a Cactus group ransomware attack. While it is unclear what data was stolen, the incident could be quite concerning. Namely, it is rumored that terabytes of data were stolen from the division, which could contain sensitive information pertaining to companies like Allegiant Travel Company, Clorox, DHL, DuPont, Walmart, and many others who are clients of Schneider Electric. It is also unknown whether SE will be paying a ransom or what that ransom is, as it has yet to be posted or mentioned on the Cactus Blog.

In any event, this is an interesting look at the industrial supply chain and the risks posed by a single point of failure upstream from a plethora of companies. Hopefully, this is not as vast a problem as previously alluded to, but we will have to see what happens next. Stay tuned here at HH for updates on the attack.