January 29, 2024 at 03:12PM
Schneider Electric was hit by a Cactus ransomware attack, compromising its Sustainability Business division and leading to data theft. The attack also disrupted its Resource Advisor cloud platform. The stolen data may include sensitive information about customers’ power utilization and compliance with environmental regulations. Schneider Electric is currently working on recovery, containment, impact assessment, and forensic analysis.
Based on the meeting notes provided, the key points are:
1. Schneider Electric encountered a Cactus ransomware attack, leading to the theft of corporate data from its Sustainability Business division on January 17th.
2. The attack interrupted the Resource Advisor cloud platform and resulted in the theft of terabytes of corporate data.
3. The stolen data may include sensitive information about customers’ power utilization, industrial control and automation systems, and compliance with environmental and energy regulations.
4. The ransomware gang has threatened to leak the stolen data if a ransom demand is not met.
5. Schneider Electric has confirmed the cyberattack and stated that only the Sustainability Business division was affected.
6. The company is working on remediation steps and containment measures, with an expectation that access to the impacted systems will resume in the next two business days.
7. Schneider Electric had previously been targeted in the MOVEit data theft attacks by the Clop ransomware gang.
8. The Cactus ransomware operation launched in March 2023 and has conducted double-extortion attacks on numerous companies.
These takeaways summarize the major points from the meeting notes. Let me know if you need any further information or a more detailed analysis.