A big cyber attack hit Johnson Controls International. It locked up many of the company's systems, including VMware ESXi servers. This has led to disruptions in operations for both the company and its affiliated subsidiaries.
Johnson Controls is a significant global company that develops and manufactures industrial control systems, security equipment, air conditioners, and fire safety equipment. Across its primary operations and related companies such as York, Tyco, Luxaire, Coleman, Ruskin, Grinnell, and Simplex, the company has a workforce of 100,000 people.
"We are currently experiencing IT outages that may limit some customer applications such as the Simplex Customer Portal. We are actively mitigating any potential impacts to our services and will remain in communication with customers as these outages are resolved," reads a message on the Simplex website.
Some customers of York, a subsidiary of Johnson Controls, have mentioned that they're being informed about the company's systems being offline. A few have even mentioned being told that this is because of a cyberattack.
"Their computer system crashed over the weekend. Manufacturing and everything is down. I talked to our rep and he said someone hacked them," a York customer posted to Reddit.
Earlier today, Gameel Ali, a threat researcher at Nextron Systems, shared a sample of a Dark Angels VMware ESXi encryptor on Twitter.
This encryptor included a ransom note, claiming it was deployed in an attack against Johnson Controls.
Dark Angels, a ransomware group that emerged in May 2022, has been actively targeting organizations on a global scale.
Much like other human-operated ransomware groups, Dark Angels infiltrates corporate networks and then moves laterally within them, stealing data from file servers for use in double extortion.
Once they gain entry to the Windows domain controller, the threat actors set loose the ransomware to encrypt all devices connected to the network.
Initially, the threat actors utilized encryptors for Windows and VMware ESXi, which were derived from the source code leak of the Babuk ransomware.
The perpetrators assert that, during the attack, they not only encrypted the company's VMware ESXi virtual machines but also made off with more than 27 terabytes of corporate data. As of now, the extortion site lists nine victims, among them Sabre and Sysco, both of whom have recently reported cyberattacks.