CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?



Johnson Controls Ransomware Attack Could Impact DHS

DHS is reportedly investigating the impact of the recent Johnson Controls ransomware attack on its systems and facilities.

Sensitive Department of Homeland Security (DHS) information might have been compromised in a recent ransomware attack aimed at government contractor Johnson Controls International.

A multinational giant headquartered in Cork, Ireland, Johnson Controls produces industrial control systems and smart building equipment, software, and services, including HVAC, security, fire protection, and support solutions.

The company serves clients in the education, government, healthcare, hospitality, naval, and transportation sectors, including the DoD, DHS, and other government agencies in the US.

In an 8-K Form filing last week, the company announced that it fell victim to a cyberattack that disrupted some of its “internal information technology infrastructure and applications”.

While the company did not share information on the type of cyberattack it has suffered, the disruptions are indicative of file-encrypting ransomware being deployed on the company’s internal systems.

In fact, cybersecurity experts have revealed on social media that a ransomware group called Dark Angels has claimed responsibility for the attack.

The cybercrime group claims to have exfiltrated 27TB of sensitive data from Johnson Controls and is apparently demanding a $51 million ransom from the company to provide it with a decryption tool and to delete the stolen information.

According to CNN, after news of the ransomware attack broke, the DHS launched its own investigation into the matter, to determine whether sensitive department data might have been compromised during the attack.

Advertisement. Scroll to continue reading.

An internal DHS memo reportedly states that Johnson Controls holds documents depicting “the physical security of many DHS facilities”, such as floor plans and security information, and that these documents might have been stored on the compromised servers.

The exact impact on the DHS’s systems and facilities is yet unknown, but further details on the matter are likely to become available as the investigation into the incident advances.

Responding to a SecurityWeek inquiry, Johnson Controls shared no other details than what it included in the 8-K Form last week.

Related: FBI Warns Organizations of Dual Ransomware, Wiper Attacks

Related: City of Dallas Details Ransomware Attack Impact, Costs

Related: Critical Infrastructure Organizations Warned of Snatch Ransomware Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


US payments giant NCR has confirmed being targeted in a ransomware attack for which the BlackCat/Alphv group has taken credit.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.