Johnson Controls Breach Allegedly Leaked Sensitive DHS Data

 

A king-sized ransomware attack that targeted Johnson Controls forced certain parts of its IT systems to go offline and disrupted some of its operations. The attack on the renowned manufacturer of industrial control systems is reportedly the work of the Dark Angels hacker group. 

According to BleepingComputer, which broke the story first, the ransomware group is demanding $51 million in exchange for a decryptor and the complete deletion of the stolen data.

As part of the hack, the company's ESXi servers were allegedly encrypted and some 27 terabytes of data were stolen by the digital hijackers. 

Theft of DHS data? 

The data hoard's potential exposure of private Department of Homeland Security (DHS) information, including physical floor plans of some agency buildings and security details on contracts with third parties, is of particular concern, CNN reported.

According to an internal DHS email reviewed by CNN, uncertainty exists around whether the Dark Angels or other digital hackers have taken control of Johnson Controls' private information. 

“Until further notice, we should assume that [the contractor] stores DHS floor plans and security information tied to contracts on their servers,” the memo stated. “We do not currently know the full extent of the impact on DHS systems or facilities.” 

Researchers believe that the ransomware employed in the attack is essentially identical to the RagnarLocker Linux ransomware designed in 2021. In an 8-K regulatory filing with the Securities and Exchange Commission (SEC), Johnson Controls stated that while some of its systems had been attacked by ransomware, many of its applications "remain operational."

In the repair process, Johnson Controls' insurers are collaborating with external cybersecurity experts, perhaps managed security service providers (MSSPs), and possibly forensics experts. The attack commenced at the company's Asia offices and then extended to its subsidiaries. The cyber attackers reportedly launched the infiltration last weekend.

Statement from Johnson Controls 

Johnson Controls reported in an 8-K filing that the incident is expected to continue to hinder certain parts of the company's business operations:

"Johnson Controls International plc (the “Company”) has experienced disruptions in portions of its internal information technology infrastructure and applications resulting from a cybersecurity incident. Promptly after detecting the issue, the Company began an investigation with assistance from leading external cybersecurity experts and is also coordinating with its insurers. 

The Company continues to assess what information was impacted and is executing its incident management and protection plan, including implementing remediation measures to mitigate the impact of the incident, and will continue taking additional steps as appropriate."

At this time, it's unclear whether Johnson Controls will be able to announce fourth-quarter and full-year fiscal year results, as well as the financial impact of the attack.

Automation Giant Johnson Controls Hit by Ransomware Attack

A major cyberattack hit Johnson Controls International, encrypting many of the company's systems, including VMware ESXi servers. This has led to disruptions in operations for both the company and its affiliated subsidiaries.

Johnson Controls is a major global company that develops and manufactures industrial control systems, security equipment, air conditioners, and fire safety equipment. Across its primary operations and related companies such as York, Tyco, Luxaire, Coleman, Ruskin, Grinnell, and Simplex, the company has a workforce of 100,000 people.

"We are currently experiencing IT outages that may limit some customer applications such as the Simplex Customer Portal. We are actively mitigating any potential impacts to our services and will remain in communication with customers as these outages are resolved," reads a message on the Simplex website.

Some customers of York, a subsidiary of Johnson Controls, have mentioned that they're being informed about the company's systems being offline. A few have even mentioned being told that this is because of a cyberattack. 

"Their computer system crashed over the weekend. Manufacturing and everything is down. I talked to our rep and he said someone hacked them," a York customer posted to Reddit. Earlier today, Gameel Ali, a threat researcher at Nextron Systems, shared a sample of a Dark Angels VMware ESXi encryptor on Twitter. 

This encryptor included a ransom note, claiming it was deployed in an attack against Johnson Controls. Dark Angels, a ransomware group that emerged in May 2022, has been actively targeting organizations on a global scale. In their approach, much like other human-operated ransomware groups, Dark Angels infiltrates corporate networks and then moves laterally within, seizing data from file servers for potential double-extortion tactics. 

Once they gain entry to the Windows domain controller, the threat actors set loose the ransomware to encrypt all devices connected to the network. Initially, the threat actors utilized encryptors for Windows and VMware ESXi, which were derived from the source code leak of the Babuk ransomware. 

The perpetrators assert that during the attack they not only encrypted the company's VMware ESXi virtual machines but also made off with more than 27 terabytes of corporate data. As of now, the extortion site lists nine victims, among them Sabre and Sysco, both of whom have recently reported cyberattacks.