In a recent cyber incident, the Cactus ransomware gang asserted that they successfully infiltrated Schneider Electric's network, purloining a substantial 1.5 terabytes of data. 

The breach occurred last month, with 25 megabytes of the purportedly stolen data already leaked on the dark web leak site operated by the ransomware group. These leaked files include snapshots displaying passports of American citizens and scans of non-disclosure agreement documents.

Extortion Tactics Used by the Cactus Ransomware Group

The Cactus ransomware group is cooking up a "thorny" tactic against Schneider Electric in the latest security incident. The gang reportedly stole 1.5 TB of data and threatened to leak it on the dark web.

The cybercriminals breached Schneider Electric's Sustainability Business division on January 17th, according to reports by BleepingComputer. Following the breach, the ransomware gang has resorted to extortion, threatening to disclose all the pilfered data unless a ransom demand is met.


Potential Impact of Cactus Attack

Although the specific nature of the stolen data remains undisclosed, Schneider Electric's Sustainability Business division offers crucial services in renewable energy and regulatory compliance consultation to numerous prominent global entities. Clients include Allegiant Travel Company, Clorox, DHL, DuPont, Hilton, Lexmark, PepsiCo, and Walmart. 

Consequently, the compromised data could contain sensitive details regarding customers' industrial control and automation systems, as well as information concerning compliance with environmental and energy regulations.

For those unfamiliar with Schneider Electric, it is a renowned French multinational specializing in energy management and automation manufacturing, boasting a workforce of over 150,000 employees globally. With a staggering revenue of $28.5 billion reported in 2023, the company has a significant footprint in various sectors.

Cactus Ransomware Operation is Quite New

The Cactus ransomware operation emerged in March 2023, introducing a new wave of double-extortion attacks. The threat actors infiltrate corporate networks using acquired credentials, partnerships with malware distributors, phishing, or exploitation of security vulnerabilities. Once inside, they move through the compromised systems and steal sensitive data, which they use as leverage during ransom negotiations.

Continuous Extortion

Since its inception, the Cactus ransomware gang has targeted over 100 companies, using its data leak site to pressure victims into meeting ransom demands. The group has already leaked data online and continues to pose a significant threat to organizations worldwide.

In other news, Google was planning to block "bad websites" that might infect users' devices. When opened, they can spread security flaws to vulnerable networks.

In our previous report, the search engine giant was exploring how to bring enhanced protection against malicious sites. This feature is said to prevent unauthorized access to internal devices.

Chrome users are usually at risk of this attack despite several updates to the browser. Some people mindlessly click on a website without verifying the authenticity of the page and what it offers to the public.



ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.