Don’t you wonder how secure the companies responsible for industrial control systems, security equipment, and fire safety are? Johnson Controls International, a giant in these sectors, has just faced a crippling ransomware attack. We think it’s crucial for you to know what happened, how it impacts the company, and what it means for the cybersecurity landscape.
The Attack Unveiled
Johnson Controls is no small player; the multinational conglomerate employs 100,000 people and has several subsidiaries, including York, Tyco, Luxaire, Coleman, Ruskin, Grinnel, and Simplex. During the WannaCry Events, they clearly showed to invest in cybersecurity1.. so what happened?
Over the weekend, a source revealed to BleepingComputer2 that the company’s Asia offices were initially breached. This breach escalated into a ransomware attack that affected many of its subsidiaries.
For example, York and Simplex started showing technical outage messages on their website login pages. Customers are being told that the systems are down due to a cyberattack. One York customer even posted on Reddit, “Their computer system crashed over the weekend. Manufacturing and everything is down.”
The Ransomware Gang: Dark Angels
Who are the culprits? The Dark Angels ransomware gang has claimed responsibility for the attack. Launched in May 2022, they have been targeting organizations worldwide3. They specialize in double-extortion attacks, stealing data before encrypting devices.
This time, they demanded a hefty $51 million for a decryptor and to delete the stolen data. They claimed to have stolen over 27 TB of corporate data and encrypted the company’s VMware ESXi virtual machines. They have a notorious data leak site called ‘Dunghill Leaks,’ where they threaten to leak data if the ransom is not paid.
Impact and Recovery Efforts
What does this mean for Johnson Controls? The company confirmed the cybersecurity incident in a Form 8-K filing with the SEC4. They are working with external cybersecurity experts to investigate the attack and are coordinating with insurers.
Many of the company’s applications remain operational, but the incident has caused, and is expected to continue to cause, disruptions to parts of the company’s business operations.
The $51 million ransomware attack on Johnson Controls International is a grim reminder of the vulnerabilities that even giants in the industrial and technological sectors face. With a ransom note, stolen data, and encrypted servers, the Dark Angels ransomware gang has shown that no one is safe. As Johnson Controls works on damage control and system restoration, the incident serves as a stark warning for other companies to bolster their cybersecurity measures.
- https://www.johnsoncontrols.com/-/media/jci/be/united-states/specialty-pages/files/wannacry_faqs_final5.pdf?la=en ↩︎
- https://www.bleepingcomputer.com/news/security/building-automation-giant-johnson-controls-hit-by-ransomware-attack/ ↩︎
- https://twitter.com/MalGamy12/status/1706989619818954837 ↩︎
- https://www.sec.gov/ix?doc=/Archives/edgar/data/833444/000083344423000036/jci-20230927.htm ↩︎