Industrial Control Systems Company Held To Ransom

Johnson Controls International, a leading manufacturer of industrial control systems, has suffered a significant cyber attack that affected many of its systems and of its subsidiaries. The building technology giant was hit by a very disruptive ransomware attack that encrypted many of the company devices, including VMware ESXi servers, impacting the company’s and its subsidiaries’ operations. 

Johnson Controls employs 100,000 people through its corporate operations and well-known subsidiaries, including York, Tyco, Luxaire, Coleman, Ruskin, Grinnel, and Simplex. The attack appears to have been carried out by Dark Angels a ransomware group that have frozen the company’s data and are demanding $51 million for its release.

The attack on Johnson Controls follows the crippling attack on two leading US Casino operators who experienced a complete loss of the operating systems in their properties, including elevators, reservations and other critical functions. 

Promptly after detecting the issue, the Company began an investigation with assistance from leading external cyber security experts and is also coordinating with its insurers. The firm continues to assess what information was impacted and is executing its incident management and protection plan, including implementing remediation measures to mitigate the impact of the incident, and will continue taking additional steps as appropriate. 

The incident is expected to continue to cause, disruption to parts of the Company’s business operations.

“To date, many of the Company’s applications are largely unaffected and remain operational. To the extent possible, and in line with its business continuity plans, the Company implemented workarounds for certain operations to mitigate disruptions and continue servicing its customers” says the company in an SEC filing. 

The specific details of the data stolen during the Johnson Controls ransomware attack have not been publicly disclosed in great detail. However, it has been reported that the hackers claimed to have accessed approximately 27 terabytes of data. 

Dark Angels Ransomware Gang

Dark Angels is a ransomware operation launched in May 2022 when it began targeting organisations worldwide and may be the ones behind this attack. The gang began in May 2022, using both data theft and file-encrypting malware to convince victims to pay a ransom. The hackers have attacked several major organisations in the US in the last months.

Like almost all human-operated ransomware gangs, Dark Angels breaches corporate networks and then spreads laterally through the network. During this time, the threat actors steal data from file servers to be used in double-extortion attacks. When they gain access to the Windows domain controller, the threat actors deploy the ransomware to encrypt all devices on the network.

The attack on Johnson Controls highlights continued efforts by ransomware gangs to target industrial control companies and critical supply chain organisations.

The European Union Agency for Cybersecurity said in March that ransomware was the most significant cyberthreat facing the transport sector in the European Union, predicting that gangs would “likely target and disrupt” operational technology (OT) systems “in the foreseeable future,” potentially causing even more significant effects for victims.

Researchers from OT security firm Dragos said the number of ransomware attacks on industrial infrastructure grew significantly in 2022, with the firm tracking more than 600 incidents last year.

Of particular concern was the possibility that the stolen data might include sensitive information related to the US Department of Homeland Security (DHS) and other leading private sector businesses reliant on Johnson's systems to support day-to-day operations. 

SEC:    ENISA:    Security Week:     Bleeping Computer:     TEISS:    Dataconomy:    Security Affairs:    Vuemetric:

You Might Also Read: 

Hidden In Plain Sight:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« The Impact Of Artificial Intelligence On Cybersecurity
Top Five Cloud Penetration Testing Tools »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clifford Chance

Clifford Chance

Clifford Chance are one of the world's pre-eminent law firms with resources across five continents. Practice areas include Cyber Security & Information Protection

CloudPassage

CloudPassage

CloudPassage, a cloud security and compliance pioneer, safeguards cloud infrastructure for the world’s best-recognized brands.

ActiveCyber

ActiveCyber

ActiveCyber is a source for news, reviews, learning, and technological innovation in the active cyber defense industry.

e2e-assure

e2e-assure

e2e Protective Monitoring and Security Operations Centre (SOC) Service is a complete cyber defence service to protect your critical assets from cyber attacks and GDPR breaches.

QOMPLX

QOMPLX

QOMPLX integrate, contextualize, and analyze data from virtually any source to help you identify operational risk and inefficiencies throughout the enterprise.

Littlefish

Littlefish

Littlefish provide world-class, award-winning Managed IT and Cyber Security Services, delivered from our 24/7 UK service centres.

Guidepost Solutions

Guidepost Solutions

Guidepost Solutions are a diverse, global team of investigators, experienced security and technology consultants, and compliance and monitoring experts.

SpeQtral

SpeQtral

SpeQtral offers commercial space-based Quantum Key Distribution (QKD) founded on technology developed at the National University of Singapore.

CERT.JE

CERT.JE

CERT.JE is responsible for promoting and improving the cyber resilience across the critical national infrastructure, business communities and citizens in Jersey.

Virtual Technologies Group (VTG)

Virtual Technologies Group (VTG)

Virtual Technologies Group is a single source, IT product and services provider for SMBs and IT departments, delivering reliable, cost-efficient service, maintenance and support solutions.

CV-Library

CV-Library

Start your job search with 216,931 live UK vacancies on award-winning CV-Library. Register your CV and find local jobs near you today!

VicOne

VicOne

With a vision to secure the vehicles of tomorrow, VicOne delivers a broad portfolio of cybersecurity software and services for the automotive industry.

Network Contagion Research Institute (NCRI)

Network Contagion Research Institute (NCRI)

NCRI provides pioneering technology, research, and analysis to identify and forecast cyber-social threats targeting individuals, organizations, and communities.

V3 Cybersecurity

V3 Cybersecurity

V3 Cybersecurity is a unique company focused on contextualization of security programs from a business perspective. Our mission is to provide enterprise IT Risk Management capabilities.

ZoobeTek

ZoobeTek

ZoobeTek are a company focused on preventing leaks related to the security of business information3.

Twinstate Technologies

Twinstate Technologies

Twinstate Technologies specializes in cybersecurity, proactive IT, and hosted and on-premise voice solutions.