Schneider Electric’s Sustainability Business Suffers Ransomware Attack

French energy management and industrial automation giant Schneider Electric, in a public announcement, revealed a ransomware attack on its Sustainability Business division.

The company said the incident disrupted operations of some division specific systems, including Resource Advisor, its cloud-based sustainability and energy management platform.

The attack which took place on January 17, 2024 is claimed by the Cactus ransomware group, and it is believed to have resulted in significant amounts of corporate data theft as well. However, on its TOR site, the gang is yet to add Schneider to its list of victims.

Although details of the stolen data are yet to be shared, Schneider has notified the impacted customers of the incident. Known to provide consulting services to enterprises like PepsiCo, Walmart, DuPont, and Hilton, the Sustainability division helps organizations with their energy efficiency projects and energy procurement.

‘’The on-going investigation shows that data have been accessed. As more information becomes available, the Sustainability Business division [..] will continue the dialogue directly with its impacted customers and [..] provide information and assistance as relevant,’’ Schneider stated.

Immediately after discovery, the company deployed containment measures to ‘’contain the incident and reinforce existing security measures.’’

In the January 29th notification, the company reassured its various stakeholders that no other division within the Schneider Electric group was affected, as the Sustainability Business, an autonomous entity, operates its own isolated network infrastructure.

To analyze the impact of the security incident, the company continues to work with relevant authorities and has also availed services of leading cybersecurity firms.

Previously, Schneider Electric was targeted by the Cl0p ransomware group. The company was one of the many victims of the widespread MOVEit attack, which is said to have impacted approximately 2,611 organizations worldwide.

Active since March 2023, Cactus ransomware is known to adopt the double-extortion technique and has added numerous enterprises to its list of victims.