heise PlusAbo
Anzeige
WTF

Cyber gang demands baguettes after data theft at Schneider Electric

The criminal organization Hellcat claims to have broken into Schneider Electric's IT system. It is demanding a ransom to delete stolen data.

listen Print view
Baguettes in the oven

Baguettes are a rather unusual demand from cyber criminals.

(Image: heise online / dmk)

2 min. read
Security
By

A cyber incident has apparently occurred at industrial technology company Schneider Electric. Criminals claim to have broken into the company's IT systems and stolen large amounts of data. They are demanding a ransom.

The criminal group Hellcat has made a ransom demand to Schneider Electric on the Darknet. The desired currency: baguettes.

(Image: Screenshot / dmk)

The perpetrators have published a ransom demand on the darknet site of the criminal online group Hellcat. According to this, they have gained access to Schneider Electric's Atlassian Jira system and extracted critical data from it, including projects, problems and plug-ins as well as 400,000 database rows of user data with a total volume of more than 40 GByte of compressed data.

Unusual ransom demand

"To secure the deletion the deletion of this data and prevent its public release, we require a payment of 125.000 US dollars in baguettes," the criminals write there. If the demand is not met, the compromised information will be published. The malicious actors also write that public disclosure of the data leak will reduce the ransom amount by 50 percent.

The shorter entry on the Hellcat overview page gives a release date of – and demands the ransom in XMR (Monero).

(Image: Screenshot / dmk)

On Hellcat's overview page on the darknet, the shorter entry mentions Thursday, November 7 as the threatened release date. However, the currency of the ransom demand there is XMR, i.e. it is to be paid in the cryptocurrency Monero.

Videos by heise

The company has apparently commented to US media: "Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project implementation tracking platforms operating in an isolated environment." The global incident response team was immediately mobilized to respond to the incident. "Schneider Electric products and services are not affected," the company added.

Schneider Electric has not yet responded to a request from heise online. We will update the report if we receive a statement.

Read also

Schneider Electric should now have experience in dealing with online blackmail groups. Around the beginning of the year, the cyber gang "Cactus" was able to penetrate the company's IT and steal terabytes of data. While the company had published information about this at the time, there is no reference to the incident on the Schneider Electric website at the time of reporting.

(dmk)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten