Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Cactus ransomware hackers say they stole terabytes of Schneider Electric data

ID theft.

The Cactus ransomware hackers have claimed responsibility for the recent cyberattack on Schneider Electric, claiming to have stolen 1.5TB of sensitive data in the heist.

The ransomware group added the energy giant to its data leak website, posted samples of the stolen data, and are demanding money in exchange for keeping the data secure.

While it is impossible to determine exactly what type of data the group stole at this point, the hackers are thought to have accessed Schneider Electric’s Sustainability Business, which provides renewable energy and regulatory compliance consulting to large corporations around the world. Some of its clients include DHL, Hilton, Lexmark, and Walmart.

Contained attack

The group also posted a 25MB sample, which includes snapshots of people’s passports, and scans of different non-disclosure agreements. The group is now asking for money in exchange for keeping the data safe, but we don’t know exactly how much money they’re asking for, or if Schneider Electric is even interested in paying. 

However, the media argue the data could include sensitive information about client industrial control and automation systems which, if leaked, could turn into an even bigger problem for Schneider.

Cactus is a known threat actor that was first spotted in May 2023, when researchers discovered a ransomware variant that evades detection by encrypting itself. What also makes Cactus interesting is that it has multiple modes of encryption, including a quick mode. If the operators decide to run both modes one after the other, the files will be encrypted twice and will get two file extensions. 

"From a recovery standpoint, Sustainability Business is performing remediation steps to ensure that business platforms will be restored to a secure environment,” the company said in mid-January, when the breach was first detected.  “Teams are currently testing the operational capabilities of impacted systems with the expectation that access will resume in the next two business days.” 

“From a containment standpoint, as Sustainability Business is an autonomous entity operating its isolated network infrastructure, no other entity within the Schneider Electric group has been affected.”

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.