Industrial Control Systems Company Held To Ransom

Uploaded on 2023-10-08 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Production-Manufacturing

Johnson Controls International, a leading manufacturer of industrial control systems, has suffered a significant cyber attack that affected many of its systems and of its subsidiaries. The building technology giant was hit by a very disruptive ransomware attack that encrypted many of the company devices, including VMware ESXi servers, impacting the company’s and its subsidiaries’ operations. 

Johnson Controls employs 100,000 people through its corporate operations and well-known subsidiaries, including York, Tyco, Luxaire, Coleman, Ruskin, Grinnel, and Simplex. The attack appears to have been carried out by Dark Angels a ransomware group that have frozen the company’s data and are demanding $51 million for its release.

The attack on Johnson Controls follows the crippling attack on two leading US Casino operators who experienced a complete loss of the operating systems in their properties, including elevators, reservations and other critical functions. 

Promptly after detecting the issue, the Company began an investigation with assistance from leading external cyber security experts and is also coordinating with its insurers. The firm continues to assess what information was impacted and is executing its incident management and protection plan, including implementing remediation measures to mitigate the impact of the incident, and will continue taking additional steps as appropriate. 

The incident is expected to continue to cause, disruption to parts of the Company’s business operations.

“To date, many of the Company’s applications are largely unaffected and remain operational. To the extent possible, and in line with its business continuity plans, the Company implemented workarounds for certain operations to mitigate disruptions and continue servicing its customers” says the company in an SEC filing. 

The specific details of the data stolen during the Johnson Controls ransomware attack have not been publicly disclosed in great detail. However, it has been reported that the hackers claimed to have accessed approximately 27 terabytes of data. 

Dark Angels Ransomware Gang

Dark Angels is a ransomware operation launched in May 2022 when it began targeting organisations worldwide and may be the ones behind this attack. The gang began in May 2022, using both data theft and file-encrypting malware to convince victims to pay a ransom. The hackers have attacked several major organisations in the US in the last months.

Like almost all human-operated ransomware gangs, Dark Angels breaches corporate networks and then spreads laterally through the network. During this time, the threat actors steal data from file servers to be used in double-extortion attacks. When they gain access to the Windows domain controller, the threat actors deploy the ransomware to encrypt all devices on the network.

The attack on Johnson Controls highlights continued efforts by ransomware gangs to target industrial control companies and critical supply chain organisations.

The European Union Agency for Cybersecurity said in March that ransomware was the most significant cyberthreat facing the transport sector in the European Union, predicting that gangs would “likely target and disrupt” operational technology (OT) systems “in the foreseeable future,” potentially causing even more significant effects for victims.

Researchers from OT security firm Dragos said the number of ransomware attacks on industrial infrastructure grew significantly in 2022, with the firm tracking more than 600 incidents last year.

Of particular concern was the possibility that the stolen data might include sensitive information related to the US Department of Homeland Security (DHS) and other leading private sector businesses reliant on Johnson's systems to support day-to-day operations. 

SEC:    ENISA:    Security Week:     Bleeping Computer:     TEISS:    Dataconomy:    Security Affairs:    Vuemetric:

You Might Also Read: 

Hidden In Plain Sight:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Impact Of Artificial Intelligence On Cybersecurity
Top Five Cloud Penetration Testing Tools »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DCL Search & Select

DCL Search & Select

DCL Search & Selection connect candidates to the best companies in the IT Security, Telco, UC, Outsourcing, ERP, Audit & Control markets.

Libraesva

Libraesva

Libraesva secures email communications for organisations, helping them eliminate email borne threats, preserve email data and provide an environment for their people to communicate safely.

Nordic IT Security

Nordic IT Security

Nordic IT Security is a cyber security business forum in Scandinavia bringing together the converging worlds of IT, Cyber and Information Security.

Secure India

Secure India

Secure India provides Forensic Solutions that help Government and Business in dealing with prevention and resolution of Cyber related threats.

Resource Centre for Cyber Forensics (RCCF)

Resource Centre for Cyber Forensics (RCCF)

RCCF is a pioneering institute, pursuing research activities in the area of Cyber Forensics.

AEI Cybersecurity

AEI Cybersecurity

AEI brings together companies, Research Centres, Universities, and other organizations interested in promoting new cybersecurity technologies.

Sasa Software

Sasa Software

Sasa Software is a cybersecurity software developer specializing in the prevention of file-based network attacks.

Security University

Security University

Security University is a leading provider of Qualified Hands-On Cybersecurity Education, Information Assurance Training and Certifications for IT and Security Professionals.

CYE

CYE

Utilizing data, numbers, and facts, CYE helps security leaders know what business assets are at risk and execute cost-effective remediation projects for optimal risk prevention.

Swiss Cyber Think Tank (SCTT)

Swiss Cyber Think Tank (SCTT)

The Swiss Cyber Think Tank is a business network for Cyber Risk & Insurability, providing an industry-wide networking platform for insurers, technology and security firms.

The Cyber AB

The Cyber AB

The Cyber AB is the official accreditation body of the Cybersecurity Maturity Model Certification (CMMC) Ecosystem.

Delfigo Security

Delfigo Security

Delfigo Security, a pioneer in intelligent authentication, provides a strong, multi-factor authentication solution to prevent identity theft and reduce fraud.

VariQ

VariQ

VariQ is a premier provider of Cybersecurity, Software Development and Cloud services to federal, state, and local government.

Focus Digitech

Focus Digitech

Focus Digitech helps you with your digital transformation journey with our main core offerings of Cloud, Cybersecurity, Analytics and DevOps.

ZILLIONe

ZILLIONe

ZILLIONe is one of Sri Lanka´s top enterprise technology solutions providers.

Jera IT

Jera IT

Jera IT provide fully managed IT support, cybersecurity services, telecoms systems, and IT strategy consultancy to businesses based in Aberdeen and the surrounding area.