Schneider Electric ransomware crew demands $125k paid in baguettes
Schneider Electric confirmed that it is investigating a breach as a ransomware group Hellcat claims to have stolen more than 40 GB of compressed data — and demanded the French multinational energy management company pay $125,000 in baguettes or else see its sensitive customer and operational information leaked.
And yes, you read that right: payment in baguettes. As in bread.
Schneider Electric declined to answer The Register‘s specific questions about the intrusion, including if the attackers really want $125,000 in baguettes or if they would settle for cryptocurrency.
A spokesperson, however, emailed us the following statement:
A ransomware crew called Hellcat claimed to have gained access to Schneider Electric’s infrastructure via the $40-billion energy management giant’s Atlassian Jira system.
“This breach has compromised critical data, including projects, issues, and plugins, along with over 400,000 rows of user data, totaling more than 40GB Compressed Data,” the criminals posted on their leak site.
The miscreants also promised to delete the data as long as the French firm hands over the dough.
“Failure to meet this demand will result in the dissemination of the compromised information,” they threatened. “Stating this breach will decrease the ransom by 50 percent, its [sic] your choice Olivier…”
“Olivier,” we’d assume, is Olivier Blum, who, on Monday, was announced as Schneider’s new CEO. This is the same day that Hellcat added the multinational to its site of shame, which doesn’t make for a pleasant first week on the job.
Also on Monday, Hellcat leaked data that the group claimed belonged to Jordan’s Ministry of Education and Tanzania’s College of Business Education.
This is Schneider Electric’s third breach in less than two years. In February, Cactus ransomware infected the corporation’s Sustainability Business division. And in June 2023, the French giant was among the thousands of organizations and millions of individuals whose data was stolen by the CL0P ransomware crew in the MOVEit attacks. ®
READ MORE HERE