Jonson Controls Suffers Ransomware Attack
Last month, subsidiaries of Johnson Control International suffered a massive ransomware attack that encrypted several of its business devices, including VMware ESXi servers.
A global conglomerate, Johnson Controls designs and produces industrial control systems, security tools, air conditioners, and fire safety gear. Their customers include international aerospace manufacturers, universities and medical institutions.
Through its corporate operations and subsidiaries, which include York, Tyco, Luxaire, Coleman, Ruskin, Grinnel, and Simplex, the corporation employs 100,000 people.
On Monday, CNN reported that DHS has now started an investigation on the issue to see whether the rumoured ransomware attack on Johnson Controls International had an impact on sensitive physical security data, such as building floor plans.
However, Johnson is yet to publish a detailed log of the issue. In a statement, the company said that it is continuing "to assess what information was impacted" and is "executing our incident management and protection plan."
According to a report by BleepingComputer, the company has been responding to the ransomware attack for at least a week now.
Who is Behind the Cyberattack?
As of yet, no ransomware group has claimed responsibility for the alleged attack. This further indicated that if, as the speculation goes, this is a ransomware incident, then the company may still be negotiating whether to pay a ransom to unlock its systems.
It's also noteworthy that Johnson Controls is not the first among the government contractors to be suffering from a cybersecurity issue.
One of the high-profile cases of cybersecurity incidents came to light in late 2020, where at least nine federal agencies and 100 companies were affected by Chinese threat actors, who aimed at government-contracted SolarWinds.
Maximus, also a government contracted firm was affected by a breach this year, where the hackers exploited a vulnerability in the prevalent file-transfer tool MOVEit.
In regards to the attack, Johnson Control has not shared any details besides its brief statement given to the Securities and Exchange Commission in a public 8-K filing Wednesday.
In the filing, the company stated that it has, "experienced disruptions in portions of its internal information technology infrastructure and applications resulting from a cybersecurity incident."