A king-sized ransomware attack that targeted Johnson Controls forced certain parts of its IT systems to go offline and disrupted some of its operations.
The attack on the renowned manufacturer of industrial control systems is reportedly the work of the Dark Angels hacker group.
According to BleepingComputer, which broke the story first, the ransomware group is demanding $51 million in exchange for a decryptor and the complete deletion of the stolen data.
As part of the hack, the company's ESXi servers were allegedly encrypted and some 27 terabytes of data were stolen by the digital hijackers.
Theft of DHS data?
The data hoard's potential exposure of private Department of Homeland Security (DHS) information, including physical floor plans of some agency buildings and security details on contracts with third parties, is of particular concern, CNN reported.
According to an internal DHS email reviewed by CNN, uncertainty exists around whether the Dark Angels or other digital hackers have taken control of Johnson Controls' private information.
“Until further notice, we should assume that [the contractor] stores DHS floor plans and security information tied to contracts on their servers,” the memo stated. “We do not currently know the full extent of the impact on DHS systems or facilities.”
Researchers believe that the ransomware employed in the attack is essentially identical to the RagnarLocker Linux ransomware designed in 2021.
In an 8-K regulatory filing with the Securities and Exchange Commission (SEC), Johnson Controls stated that while some of its systems had been attacked by ransomware, many of its applications "remain operational."
In the repair process, Johnson Controls' insurers are collaborating with external cybersecurity experts, perhaps managed security service providers (MSSPs), and possibly forensics experts.
The attack commenced at the company's Asia offices and then extended to its subsidiaries. The cyber attackers reportedly launched the infiltration last weekend.
Statement from Johnson Controls
Johnson Controls reported in an 8-K filing that the incident is expected to continue to hinder certain parts of the company's business operations:
"Johnson Controls International plc (the “Company”) has experienced disruptions in portions of its internal information technology infrastructure and applications resulting from a cybersecurity incident. Promptly after detecting the issue, the Company began an investigation with assistance from leading external cybersecurity experts and is also coordinating with its insurers.
The Company continues to assess what information was impacted and is executing its incident management and protection plan, including implementing remediation measures to mitigate the impact of the incident, and will continue taking additional steps as appropriate."
At this time, it's unclear whether Johnson Controls will be able to announce its fourth-quarter and full-year fiscal results, as well as the financial impact of the attack.