Well, well, well The Hellcat ransomware group took advantage of Schneider Electric, a well-known French multinational corporation that produces energy and automation equipment ranging from home electrical components. In addition to over 400,000 rows of user data, it hacked and released over 40GB of compressed data that contained “compromised key data, including projects, issues, and plugins.” Cybercriminals allegedly gained access to Schneider Electric’s Atlassian Jira system.
“To secure the deletion of this data and prevent its public release, we require a payment of $125,000 USD in Baguettes,” the group said, adding, “Failure to meet this demand will result in the dissemination of the compromised information.”
Demand Of The Ransomware Groups
An unknown threat actor called “Grep” made fun of the business on X over the weekend, claiming to have compromised its systems.
About the Ransomware Group : Hellcat
Since 2021, the Hellcat ransomware organisation has started operating, making it a relatively recent cyber threat actor. They are notorious for extorting money from their victims through ransomware attacks, usually by encrypting private information and requesting a ransom to unlock it. Although little is known about the group’s history or goals, their methods and strategies point to a high degree of coordination and complexity.
Hackingblogs Talks With The Threat Actor
After interacting with the threat actor, hackingblogs learnt that the data in the breach consisted of
- 75,000 SE Employee Database
- 400,000 SE Clients/Users in the database
- Jira tickets and plugins (which include vulnerabilities and issue reports, among other things).
Additionally, we requested a sample of the leaked data.
A post on the Hellcat ransom website states, “This breach exposed crucial information, including projects, issues, and plugins, along with over 400,000 rows of user data, totalling more than 40GB Compressed Data.”
Terabytes of data were reportedly stolen by threat actors in a Cactus ransomware campaign that compromised Schneider Electric’s “Sustainability Business” division earlier this year.
“Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment. Our Global Incident Response team has been immediately mobilized to respond to the incident. Schneider Electric´s products and services remain unaffected,”
The spokesperson
