close
close

Schneider Electric Attackers Demand Ransom in Baguettes • The Register

Schneider Electric confirmed it is investigating a breach as the Hellcat ransomware group claims to have stolen more than 40GB of compressed data – and ordered the French multinational energy management company to pay $125,000 in baguettes or else its sensitive Leak customer and operational information.

And yes, you read that right: payment in baguettes. Like with bread.

Schneider Electric declined to respond The Registerasks specific questions about the break-in, including whether the attackers really want $125,000 worth of baguettes or whether they would settle for cryptocurrency.

However, a spokesperson emailed us the following statement:

A ransomware crew called Hellcat claimed to have gained access to Schneider Electric's infrastructure through the $40 billion energy management giant's Atlassian Jira system.

“This breach compromised critical data, including projects, issues and plugins, along with over 400,000 lines of user data, totaling more than 40GB of compressed data,” the criminals posted on their leak site.

The perpetrators also promised to delete the data as long as the French company handed over the dough.

“Failure to comply with this request will result in the dissemination of the compromised information,” they threatened. “Indicating this breach will reduce the ransom by 50 percent.” [sic] Your choice, Olivier…”

“Olivier,” we suspect, is Olivier Blum, who was announced as Schneider’s new CEO on Monday. This is the same day that Hellcat added the multinational to its site of shame, which is not a pleasant first week on the job.

Also on Monday, Hellcat leaked data that the group claimed belonged to the Jordanian Ministry of Education and the Tanzanian College of Business Education.

This is Schneider Electric's third violation in less than two years. In February, Cactus ransomware infected the company's Sustainability Business unit. And in June 2023, the French giant was among the thousands of organizations and millions of individuals whose data was stolen in the MOVEit attacks by the CL0P ransomware crew. ®