Cactus Ransomware Gang Steals 1.5TB from Schneider Electric

The Cactus Ransomware group has announced the theft of 1.5 terabytes of data from the renowned energy management and automation giant, Schneider Electric.

The criminals have posted 25 megabytes of the stolen information on their website as proof. The compromised materials include scans of American citizens’ passports and non-disclosure agreements concerning internal information, representing a serious and dangerous leak that could severely tarnish the company’s reputation.

It is understood that the issue affected the systems of the Sustainability Business division, with other resources remaining unscathed. The incident occurred on January 17th of this year. While all networks have been restored, the hackers are now demanding a ransom, threatening to release the stolen information.

The full extent of the data that fell into the criminals’ hands remains unknown. However, the Sustainability Business serves many well-known companies worldwide, including Allegiant Travel Company, Clorox, DHL, DuPont, Hilton, Lexmark, PepsiCo, and Walmart. This suggests that Cactus may possess data related to the energy infrastructure of industrial sites, as well as information regarding compliance with environmental standards.

Schneider Electric, a multinational corporation headquartered in France, employs over 150,000 people. Its revenue in 2023 amounted to $28.5 billion. Previously, Schneider Electric had been targeted by Clop ransomware attacks, which affected over 2,700 organizations.

Emerging on the cybercrime scene in March 2023, Cactus Ransomware specializes in so-called double extortion attacks, in which the hackers steal data and encrypt all valuable information before making ransom demands and threatening to publish what they took.

To infiltrate company networks, Cactus employs various methods – using purchased credentials, establishing partnerships with distributors of malware, conducting phishing attacks, or exploiting vulnerabilities. In its brief existence, the group has already added data from over 100 organizations to its leak site.