Schneider Electric reports cyberattack, its third incident in 18 months

The ransomware group HellCat claims responsibility for the cyberattack and threatens to dump 40GB.
Facade of the headquarters building of Schneider Electric, a French multinational company specializing in digital automation and energy management (Getty Images)

Multinational energy management company Schneider Electric said Tuesday it was the victim of a cyberattack, with attackers behind a new ransomware variant claiming responsibility.

“Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment,” a spokesperson said in an emailed statement. “Our Global Incident Response team has been immediately mobilized to respond to the incident. Schneider Electric’s products and services remain unaffected.”

The company was a listed victim on the HellCat ransomware variant’s leak site, with attackers demanding a $150,000 ransom in “baguettes,” an obtuse reference to the company’s headquarters being located in France. In reality, the attackers are looking for payment in Monero, a privacy-focused cryptocurrency.

HellCat claims to have more than 40 gigabytes of data from the company’s JIRA platform, “including projects, issues, and plugins, along with over 400,000 rows of user data.” Jira is a general application used for project management that could include sensitive or proprietary information about employees or major projects.

Attackers did not further describe what type of information was stolen.

Screenshot from HellCat’s onion web site.

“To secure the deletion of this data and prevent its public release, we require a payment of $125,000 USD in Baguettes. Failure to meet this demand will result in the dissemination of the compromised information,” the note says, adding that “stating the breach” will decrease the ransom by half. “Its your choice Olivier…”

The message seemingly refers to new Schneider Electric Chief Executive Olivier Blum, who took over as CEO this week after Peter Herweck was ousted from the role.

HellCat has previously published records they claim to be from the Jordan Ministry of Education and Tanzania’s College of Business Education.

The incident marks the third time in the past 18 months that Schneider Electric has been attacked by ransomware groups. In January, the company’s sustainability business division was hit with Cactus ransomware. In June 2023, the company disclosed that it was targeted by Cl0p via the exploit used in the MOVEit breach.
