Schneider Electric confirms ransomware attack on sustainability division

French multinational Schneider Electric said its Sustainability Business division suffered from a ransomware attack earlier this month.

The company confirmed the incident in a statement this week that the attack affected its Resource Advisory product — a data visualization tool for sustainability information — as well as other “division specific systems.”

Schneider Electric said they have confirmed that data was accessed by the hackers. Bleeping Computer, which first reported the incident, said the Cactus ransomware gang is behind the attack.

“Schneider Electric Global Incident Response team has been immediately mobilized to respond to the attack, contain the incident, and to reinforce existing security measures. Sustainability Business division has informed impacted customers,” the company said.

“From a recovery standpoint, Sustainability Business is performing remediation steps to ensure that business platforms will be restored to a secure environment. Teams are currently testing the operational capabilities of impacted systems with the expectation that access will resume in the next two business days.”

The company noted that Sustainability Business is an autonomous entity operating on an isolated network infrastructure and no other Schneider Electric divisions were affected. Cybersecurity firms have been hired to investigate the incident.

Schneider Electric — which reported a revenue of more than $37 billion in 2022 — did not respond to requests for comment about whether the Cactus ransomware group was responsible for the attack, which took place on January 17.

Microsoft warned of the Cactus ransomware in December, explaining that the group was using online advertisements to infect victims. Incident response firm Dragos also said it is increasingly seeing Cactus ransomware used in attacks on industrial organizations, impacting manufacturing and ICS equipment and engineering sectors.

The group emerged in March last year but “appears to be run by skilled, experienced hackers,” ransomware expert Allan Liska told Recorded Future News in December. The gang took credit for an attack on Coop, one of Sweden's largest supermarket chains, around New Years.

Schneider Electric dealt with data theft by a ransomware gang last year, when the Clop ransomware group stole information from the company using a vulnerability in popular file transfer tool MOVEit.