Building automation giant Johnson Controls hit by ransomware attack
Johnson Controls International, a multinational conglomerate specializing in industrial control systems and security equipment, has experienced a significant ransomware attack that has impacted its operations.
The attack involved the encryption of company devices, including VMware ESXi servers. The breach is believed to have originated from the company's Asia offices. As a result, Johnson Controls and its subsidiaries, such as York, Simplex, and Ruskin, have experienced technical outages on their websites and customer portals.
Customers of York have reported that the company's systems are down and have been informed that it is due to a cyberattack. A sample of the ransom note used in the attack, which demands $51 million and claims to have stolen over 27 TB of corporate data, was shared by a threat researcher.
Johnson Controls has yet to respond to inquiries about the attack. Dark Angels, the ransomware gang responsible for the attack, is known for breaching corporate networks and conducting double-extortion attacks by stealing data before encrypting devices. The Linux encryptor used in this attack is similar to the one used by Ragnar Locker since 2021. Dark Angels operates a data leak site called "Dunghill Leaks," where they threaten to leak stolen data if the ransom is not paid. Johnson Controls has confirmed the cybersecurity incident and is working with external experts to investigate and mitigate the impact. They are also coordinating with insurers.
The company's applications remain largely unaffected, but disruptions are expected in certain areas of their business operations. The incident may also impact their ability to release financial results on time. Overall, Johnson Controls International has suffered a significant ransomware attack that has led to technical outages and potentially compromised data. The company is actively addressing the situation and taking steps to mitigate the impact of the incident.