Industrial Control Systems Company Held To Ransom

Uploaded on 2023-10-08 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Production-Manufacturing

Johnson Controls International, a leading manufacturer of industrial control systems, has suffered a significant cyber attack that affected many of its systems and of its subsidiaries. The building technology giant was hit by a very disruptive ransomware attack that encrypted many of the company devices, including VMware ESXi servers, impacting the company’s and its subsidiaries’ operations. 

Johnson Controls employs 100,000 people through its corporate operations and well-known subsidiaries, including York, Tyco, Luxaire, Coleman, Ruskin, Grinnel, and Simplex. The attack appears to have been carried out by Dark Angels a ransomware group that have frozen the company’s data and are demanding $51 million for its release.

The attack on Johnson Controls follows the crippling attack on two leading US Casino operators who experienced a complete loss of the operating systems in their properties, including elevators, reservations and other critical functions. 

Promptly after detecting the issue, the Company began an investigation with assistance from leading external cyber security experts and is also coordinating with its insurers. The firm continues to assess what information was impacted and is executing its incident management and protection plan, including implementing remediation measures to mitigate the impact of the incident, and will continue taking additional steps as appropriate. 

The incident is expected to continue to cause, disruption to parts of the Company’s business operations.

“To date, many of the Company’s applications are largely unaffected and remain operational. To the extent possible, and in line with its business continuity plans, the Company implemented workarounds for certain operations to mitigate disruptions and continue servicing its customers” says the company in an SEC filing. 

The specific details of the data stolen during the Johnson Controls ransomware attack have not been publicly disclosed in great detail. However, it has been reported that the hackers claimed to have accessed approximately 27 terabytes of data. 

Dark Angels Ransomware Gang

Dark Angels is a ransomware operation launched in May 2022 when it began targeting organisations worldwide and may be the ones behind this attack. The gang began in May 2022, using both data theft and file-encrypting malware to convince victims to pay a ransom. The hackers have attacked several major organisations in the US in the last months.

Like almost all human-operated ransomware gangs, Dark Angels breaches corporate networks and then spreads laterally through the network. During this time, the threat actors steal data from file servers to be used in double-extortion attacks. When they gain access to the Windows domain controller, the threat actors deploy the ransomware to encrypt all devices on the network.

The attack on Johnson Controls highlights continued efforts by ransomware gangs to target industrial control companies and critical supply chain organisations.

The European Union Agency for Cybersecurity said in March that ransomware was the most significant cyberthreat facing the transport sector in the European Union, predicting that gangs would “likely target and disrupt” operational technology (OT) systems “in the foreseeable future,” potentially causing even more significant effects for victims.

Researchers from OT security firm Dragos said the number of ransomware attacks on industrial infrastructure grew significantly in 2022, with the firm tracking more than 600 incidents last year.

Of particular concern was the possibility that the stolen data might include sensitive information related to the US Department of Homeland Security (DHS) and other leading private sector businesses reliant on Johnson's systems to support day-to-day operations. 

SEC:    ENISA:    Security Week:     Bleeping Computer:     TEISS:    Dataconomy:    Security Affairs:    Vuemetric:

You Might Also Read: 

Hidden In Plain Sight:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Impact Of Artificial Intelligence On Cybersecurity
Top Five Cloud Penetration Testing Tools »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Perkins Coie LLP

Perkins Coie LLP

Perkins Coie LLP is an internationalk law firm with offices across the USA and Asia. Practice areas include Privacy and Data Security.

Celestya

Celestya

Celestya is dedicated to providing the most advanced and cost effective systems for human behavior education on cybersecurity awareness training.

Secnology

Secnology

Secnology is dedicated to developing and providing the most powerful and user friendly event analysis and security management solution.

TCPWave

TCPWave

TCPWave IPAM is the world’s first acclaimed DNS/DHCP management software to pass the most stringent Information security tests.

BehavioSec

BehavioSec

BehavioSec uses the way your customers type, swipe, and hold their devices, and enables them to authenticate themselves through their own behavior patterns.

Tier1Asset (T1A)

Tier1Asset (T1A)

T1A is Europe’s leading IT refurbisher. We offer certified data erasure using blancco on site and at our facilities, providing environmentally sound disposal of your used equipment.

Digital Magics

Digital Magics

Digital Magics is an incubator for innovative startups which offer content and services with high technological value. Areas of focus include IoT, Enterprise Software, AI, Industry 4.0 and Blockchain.

Crown Sterling

Crown Sterling

Crown Sterling delivers next generation software-based, AI-driven cryptography in the form of random number generators and encryption products.

Beauceron Security

Beauceron Security

Beauceron's cloud-based platform gives employees a powerful personal cyber-risk coach empowering them to improve their cybersecurity practices and behaviours.

usecure

usecure

usecure is a global provider of computer-based cyber security awareness training, offering the market’s most time-efficient, cost-effective and admin-lite solution for reducing insider threats.

DatChat

DatChat

DatChat Inc. is a blockchain, cybersecurity, and social media company that focuses on protecting privacy on our devices and also protecting our information after we have shared it with others.

Drawbridge

Drawbridge

Drawbridge is a premier provider of cybersecurity software and solutions to the alternative investment industry.

Cyberi

Cyberi

Cyberi provide specialist technical consultancy and cyber advisory services, from penetration testing and assurance to incident management and response, and technical security research.

RecoLabs

RecoLabs

Reco’s proprietary AI technology dynamically maps business interactions within your collaboration tools to identify sensitive assets shared and uncover incidents that are relevant to your business.

ProjectDiscovery

ProjectDiscovery

ProjectDiscovery is an open-source, cybersecurity company that builds a range of software for security engineers and developers.

ABPGroup

ABPGroup

ABPGroup is Asia’s leading cybersecurity technology provider focusing on providing best-of-breed solutions that address today’s pressing challenges.