Connect with us

Hi, what are you looking for?



Schneider Electric Responding to Ransomware Attack, Data Breach 

Schneider Electric’s Sustainability Business division disrupted as a result of a ransomware attack and data breach. 

Schneider Electric

Schneider Electric’s Sustainability Business division is dealing with a ransomware attack that also appears to have resulted in a data breach, the French industrial giant said on Monday.

According to the company, the incident is limited to its Sustainability Business division, which it has described as an “autonomous entity operating its isolated network infrastructure”. 

Schneider Electric said the cyberattack has impacted Resource Advisor and other systems used by the targeted division, but it expects access to business platforms and operations to resume within two business days. 

The attack was discovered on January 17 and the company’s investigation is ongoing, but some evidence suggests that the hackers have accessed data, including customer information.

Bleeping Computer reported that the Cactus ransomware group is behind the attack. However, the group has yet to list Schneider Electric on its Tor-based leak website.

The Cactus ransomware has been active since at least March 2023 and at the time of writing the group’s leak website shows 86 alleged victims. 

The ransomware made headlines in November, when security operations firm Arctic Wolf reported that three vulnerabilities affecting a product of business analytics firm Qlik had been exploited for initial access. The attackers attempted to deploy the Cactus ransomware on compromised systems.

“Schneider Electric is yet to confirm if the Cactus ransomware brand were responsible for the attack, and they have not as yet been listed on the groups leak site, however Cactus has become increasingly active in recent months,” Stephen Robinson, senior threat intelligence analyst at WithSecure, told SecurityWeek.

Advertisement. Scroll to continue reading.

“They are a multipoint extortion group who first appeared in March 2023, and their TTPs follow the standard ransomware playbook, making use of well-known tooling and methods. During multiple of their initial attacks in 2023, Cactus gained access to victim networks via vulnerable VPN gateways, often Fortinet VPN instances,” Robinson added.

This is not the first time Schneider Electric has been targeted by a ransomware group. The company was one of the many victims of the Cl0p gang’s massive MOVEit attack campaign. 

Related: Major US, UK Water Companies Hit by Ransomware

Related: Aviation Leasing Giant AerCap Hit by Ransomware Attack

Related: Subway Sandwich Chain Investigating Ransomware Group’s Claims

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.