Cactus Ransomware Group Confirms Hacking Schneider Electric

February 20, 2024 at 09:03AM

The Cactus ransomware gang claimed responsibility for the cyberattack on Schneider Electric. The attack only impacted the Sustainability Business division, and certain data was exfiltrated. The gang has threatened to disclose stolen data unless a ransom is paid. The impact on Schneider Electric’s clients is unclear. Cactus has been actively exploiting vulnerabilities and lists over 100 companies on its leak site.

The Cactus ransomware gang has claimed responsibility for the cyberattack on Schneider Electric’s Sustainability Business division. The attack resulted in the exfiltration of approximately 1.5 terabytes of data, including sensitive information such as passports and non-disclosure agreements. The gang has threatened to make the stolen data public unless a ransom is paid. Schneider Electric has restored access to the impacted systems, although it is unclear how many of its clients, including Clorox, DHL, Hilton, and PepsiCo, were affected by the incident.

The Cactus ransomware gang has been active since at least March 2023 and has exploited vulnerabilities in products from various companies, including business analytics firm Qlik, as well as Fortinet VPN flaws. The group has also been observed using remote access tools, stealing credentials, and encrypting data on accessible systems. Cactus currently lists more than 100 companies on its leak site, highlighting its extensive activity in recent months.

Other companies, including LoanDepot and Prudential Financial, have also been targeted by ransomware attacks, showcasing the widespread impact of such incidents.
