Schneider Electric ransomware crew demands $125k paid in baguettes

Schneider Electric ransomware crew demands $125k paid in baguettes

November 5, 2024 at 04:56PM

Schneider Electric is investigating a breach by the ransomware group Hellcat, which claims to have stolen over 40 GB of data and demands $125,000 in baguettes. The breach affects critical data and user information accessed through the company’s Atlassian Jira system. This marks Schneider’s third breach in two years.

**Meeting Takeaways: Schneider Electric Ransomware Breach**

1. **Breach Confirmation**: Schneider Electric is currently investigating a ransomware attack from the group Hellcat, which claims to have stolen over 40 GB of compressed data.

2. **Ransom Demand**: Hellcat has demanded payment of $125,000 in baguettes, a humorous but serious demand reflecting the unusual nature of the ransom request.

3. **Data Compromised**: The breach includes critical project-related data, issues, plugins, and over 400,000 rows of user data.

4. **Method of Access**: Hellcat claims to have accessed Schneider Electric’s infrastructure through the company’s Atlassian Jira system.

5. **Threats Made**: The attackers have threatened to release the compromised information if their demands are not met, while stating that acknowledging the breach could result in a 50% reduction in the ransom amount.

6. **Leadership Context**: Olivier Blum has recently been announced as Schneider Electric’s new CEO, making this ransomware incident a challenging situation for him in his first week.

7. **Previous Breaches**: This marks Schneider Electric’s third significant breach in less than two years, following incidents involving Cactus ransomware and the CL0P ransomware crew.

8. **Data Leaked by Hellcat**: On the same day as the Schneider incident, Hellcat also leaked data belonging to Jordan’s Ministry of Education and Tanzania’s College of Business Education.

**Action Items**:
– Further investigation into the breach and communication with cybersecurity teams is crucial.
– Consider potential responses and strategies for dealing with the ransom demand.
– Monitor the situation for updates and prepare for potential public relations fallout.

Full Article