Cactus Ransomware Claims to Have Stolen 1.5TB from Schneider Electric Data Breach

Written by Gabby Lee

February 20, 2024

Cactus Ransomware Claims to Have Stolen 1.5TB from Schneider Electric Data Breach

The Cactus ransomware group announced that they successfully infiltrated Schneider Electric’s network and seized approximately 1.5TB of data. As evidence, they have leaked 25MB of the allegedly stolen information on their dark web leak site.

This leaked data from Schneider Electric Data Breach includes snapshots containing scanned passports of multiple American citizens, as well as non-disclosure agreement documents. The breach occurred on January 17th within Schneider Electric’s Sustainability Business division.

Schneider Electric Data Breach Compromises Personal and Compliance Related Information

The Cactus ransomware gang is currently engaging in extortion by demanding a ransom from Schneider Electric. They have threatened to release all the data they claim to have stolen if the ransom is not paid. The exact nature of the stolen data remains unknown at this time.

However, it is important to note that Schneider Electric’s Sustainability Business division offers renewable energy and regulatory compliance consulting services to prominent global companies such as Allegiant Travel Company, Clorox, DHL, DuPont, Hilton, Lexmark, PepsiCo, and Walmart.

Considering the nature of Schneider Electric’s Sustainability Business division and its clients, the stolen data could contain sensitive information pertaining to customers’ industrial control and automation systems. The Schneider Electric Data Breach may also have compromised data related to environmental and energy regulations compliance.

It is worth mentioning that Schneider Electric has previously been targeted by the Clop ransomware group, resulting in data theft incidents through the exploitation of their MOVEit platform, which affected over 2,700 other organizations.

Cactus ransomware stole Compliance Related Information from Schneider Electric Data Breach

Schneider Electric entry on Cactus leak site

Source (BleepingComputer)

Who is Cactus Ransomware?

The Cactus ransomware group is a relatively new operation that emerged in March 2023, specializing in double-extortion attacks. Their modus operandi involves breaching corporate networks through various means, such as using purchased credentials, collaborating with malware distributors, carrying out phishing attacks, or exploiting security vulnerabilities.

Once inside a target’s network, they navigate through the compromised infrastructure, all the while stealing sensitive data that they can later use as leverage during ransom negotiations.

Since their inception, the Cactus ransomware group has grown their data leak site to include over 100 companies. These threat actors have already leaked some of the stolen data online or are actively threatening to do so, even as they engage in ongoing ransom negotiations.

Related Articles

Daixin Ransomware Claims Omni Hotels Cyberattack

Daixin Ransomware Claims Omni Hotels Cyberattack

The Daixin Team ransomware gang has taken responsibility for a recent cyberattack on Omni Hotels & Resorts and is currently issuing threats to publish sensitive customer information unless a ransom is paid. This development comes after the hotel chain experienced...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter


Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!