Johnson Controls Ransomware Attack Cost $27 Million After Data Breach

Written by Mitchell Langley

January 31, 2024

Johnson Controls Ransomware Attack Cost $27 Million After Data Breach

Johnson Controls Ransomware Attack Cost $27 Million in total and data was breached with sensitive corporate data stolen.

According to official confirmation from Johnson Controls International, the company incurred data breach expenses amounting to $27 million as a result of a ransomware attack in September 2023. The attack also resulted in a data breach, with hackers successfully stealing corporate data.

Johnson Controls International is a globally recognized conglomerate that specializes in the development and manufacturing of various industrial control systems, security equipment, air conditioners, and fire safety equipment.

Following the initial breach of Johnson Controls’ Asia offices, the company experienced a ransomware attack that allowed the attackers to infiltrate and propagate through their network. Consequently, significant portions of the company’s IT infrastructure had to be temporarily shut down, impacting customer-facing systems.

Dark Angels Group was Behind Johnson Controls Ransomware Attack

Dark Angels Group was Behind Johnson Controls Ransomware Attack

The ransomware attack was attributed to the Dark Angels gang, who claimed to have stolen over 27 TB of confidential data from Johnson Controls. In exchange for deleting the data and providing a file decryptor, the threat actors demanded a ransom of $51 million.

Dark Angels is a ransomware gang that emerged in May 2022. They employ encryptors based on leaked source code from previous ransomware operations, namely Babuk and Ragnar Locker, which are no longer active.

Johnson Controls Cybersecurity Incident Confirmed to be a Ransomware Event

Johnson Controls International initially acknowledged a service disruption and later identified it as a “cybersecurity incident.” However, specific details about the attack type and the potential data breach were not initially provided.

In a recent quarterly report submitted to the U.S. Securities and Exchange Commission (SEC), Johnson Controls confirmed that the September 23, 2023 cyberattack they experienced was indeed a ransomware attack. The attack resulted in data theft.

“The cybersecurity incident consisted of unauthorized access, data exfiltration, and deployment of ransomware by a third party to a portion of the Company’s internal IT infrastructure,”

Confirmed Johnson Controls.

$27 Million Incurred in the Johnson Controls Ransomware Attack

Furthermore, Johnson Controls International has disclosed that the expenses incurred in addressing and mitigating the cyberattack reached a total of $27 million.

“The impact on net income for the three months ended December 31, 2023, of lost and deferred revenues, net of revenues deferred at the end of fiscal 2023 and recognized in the first quarter of fiscal 2024, and expenses during the quarter was approximately $27 million,”

“These impacts were primarily attributable to expenses associated with the response to, and remediation of, the incident, and are net of insurance recoveries.”

reads the SEC filing

Johnson Controls anticipates that the expenses associated with the cyberattack will increase in the upcoming months as they conduct further investigations to determine the extent of data theft. The company is collaborating with external cybersecurity forensic experts and remediation specialists in this process.

However, based on the available information, Johnson Controls assures stakeholders that they have successfully contained the unauthorized activity. As a result, their digital products and services, such as OpenBlue and Metasys, remain fully operational and accessible.

Related Articles

Daixin Ransomware Claims Omni Hotels Cyberattack

Daixin Ransomware Claims Omni Hotels Cyberattack

The Daixin Team ransomware gang has taken responsibility for a recent cyberattack on Omni Hotels & Resorts and is currently issuing threats to publish sensitive customer information unless a ransom is paid. This development comes after the hotel chain experienced...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter


Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!