Schneider Electric offices in Europe
Image: IgorCalzone1 via Wikimedia Commons (CC BY-SA 4.0)

Schneider Electric confirms ransomware attack on sustainability division

French multinational Schneider Electric said its Sustainability Business division suffered from a ransomware attack earlier this month.

The company confirmed the incident in a statement this week that the attack affected its Resource Advisory product — a data visualization tool for sustainability information — as well as other “division specific systems.”

Schneider Electric said they have confirmed that data was accessed by the hackers. Bleeping Computer, which first reported the incident, said the Cactus ransomware gang is behind the attack.

“Schneider Electric Global Incident Response team has been immediately mobilized to respond to the attack, contain the incident, and to reinforce existing security measures. Sustainability Business division has informed impacted customers,” the company said.

“From a recovery standpoint, Sustainability Business is performing remediation steps to ensure that business platforms will be restored to a secure environment. Teams are currently testing the operational capabilities of impacted systems with the expectation that access will resume in the next two business days.”

The company noted that Sustainability Business is an autonomous entity operating on an isolated network infrastructure and no other Schneider Electric divisions were affected. Cybersecurity firms have been hired to investigate the incident.

Schneider Electric — which reported a revenue of more than $37 billion in 2022 — did not respond to requests for comment about whether the Cactus ransomware group was responsible for the attack, which took place on January 17.

Microsoft warned of the Cactus ransomware in December, explaining that the group was using online advertisements to infect victims. Incident response firm Dragos also said it is increasingly seeing Cactus ransomware used in attacks on industrial organizations, impacting manufacturing and ICS equipment and engineering sectors.

The group emerged in March last year but “appears to be run by skilled, experienced hackers,” ransomware expert Allan Liska told Recorded Future News in December. The gang took credit for an attack on Coop, one of Sweden's largest supermarket chains, around New Years.

Schneider Electric dealt with data theft by a ransomware gang last year, when the Clop ransomware group stole information from the company using a vulnerability in popular file transfer tool MOVEit.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.