Highlights:
- Hellcat, a ransomware gang accepted responsibility, mentioning that it gained control over the infrastructure of Schneider Electric via the organization’s Atlassian Corp. Jira install.
- The deadline for the baguette payment is November 7, after which Hellcat vows to make the stolen data public, as Schneider Electric is unlikely to give up the cash.
Ransomware gang breached Schneider Electric SE, a French multidimensional digital automation and energy business. The data is compromised and the ransom demanded is not money but plenty of baguettes.
Although it’s unclear exactly when the incident occurred, reports claim that allegations that the organization had been compromised initially surfaced on X during the weekend.
Schneider Electric confirmed the security breach on Monday, stating that the company was investigating a “cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms, which is hosted within an isolated environment.”
Hellcat, a ransomware gang accepted responsibility, mentioning that it gained control over the infrastructure of Schneider Electric via the organization’s Atlassian Corp. Jira install. “This breach has compromised critical data, including projects, issues, and plugins, along with over 400,000 rows of user data, totaling more than 40GB compressed data,” the hacking group stated on its dark web leak site.
“To secure the deletion of this data and prevent its public release, we require a payment of USD 125,000 USD in Baguettes,” the group added, “Failure to meet this demand will result in the dissemination of the compromised information.”
Although the amount of baguettes that Schneider Electric might be up to pay is now reduced, with the group also mentioning that “stating this breach will decrease the ransom by 50%, it’s your choice, Olivier.” Olivier refers to Chief Executive Officer Olivier Blum. As Schneider has admitted the breach, presumably the ransom demand is now USD 62,500 in baguettes.
November 7 is the deadline for the payment of baguettes, after which Hellcat mentions to make the breached data public, as Schneider Electric is unlikely to pay the ransom.
The Hellcat ransomware group initially came to light in October when they demanded large ransoms and exfiltrated sensitive data from prominent organizations, including the Knesset of Israel and the Ministry of Education in Jordan. As of right now, the gang has a reputation for focusing on government and educational institutions, using their access to vital information to pressure victims into making payments.
Hellcat works by breaking into systems, obtaining a ton of private data, and threatening to leak it if their demands for ransom are not fulfilled. To put pressure on victims and increase their visibility, they frequently post information about their breaches on the dark web, just like other similar organizations.