Expert Comment x2: Energy Giant Schneider Electric hit by Cactus ransomware attack & data breach at insurance broker Keenan & Associates
January 2024 by BlackFog
Energy giant Schneider Electric has been hit by a Cactus ransomware attack which led to the theft of corporate data. Terabytes of data were reportedly stolen from its Sustainability Business division earlier this month, with some of Schneider Electric’s Resource Advisor Cloud platform continuing to suffer outages today.
If interested, please see expert commentary from Darren Williams, CEO and Founder, BlackFog:
“This Cactus ransomware attack on Schneider Electric joins the recent uptick of critical national infrastructure (CNI) attacks. In particular, the energy sector is a prime target due to its potentially lucrative rewards, if successful, and the maximum chaos caused by its widespread public reach. Naturally, with high-profile customers including Hilton and PepsiCo, Schneider Electric fit the bill.
The Cactus group, which has been around since March 2023, appears to favour CNI sector organisations as its victims, most recently leaking updated identity documents stolen from Peterson Health Care just over a month ago in December.
The UK’s NCSC recently warned of exponential threat increases towards CNI in its annual review, particularly as global tensions are on the rise; preventative measures like anti data exfiltration are the safest option for CNI companies to defend against nasty attacks like these.
Moreover, it is essential that organisations do not bow down to these extortion demands, as doing so can potentially worsen their position – who’s to say the attackers won’t put stolen data to ill-use post-ransom payment? Not to mention the legal and reputational consequences, depending on the country the company is based in.”
Additionally, 1.5 million individuals were recently affected by an August data breach at insurance broker Keenan & Associates. The attackers exfiltrated clients’ personal data from the company’s system. The company did not say whether ransomware was deployed but is currently strengthening the security of its network to prevent similar attacks.
Dr Darren Williams, CEO and Founder of BlackFog, comments:
“Keenan & Associates is taking the appropriate measures for a company that has just experienced a cyber-attack by actively strengthening the security of their network. Given the frequent targeting of businesses, especially in the aftermath of an initial attack, remediation is an imperative step. The optimal approach involves deploying real-time security measures that not only reduce the risk of future data breaches but also safeguard your data from exfiltration if it does happen.”