Cactus ransomware reportedly claimed credit for the mid-January attack, and the company unit hopes to restore operations in the next couple of days.
Schneider Electric said the attack directly impacted its EcoStruxure Resource Advisor platform, used by more than 2,000 companies worldwide. The tool is used for monitoring energy and resource data.Â
The company retained outside cybersecurity experts, who are working with its internal global incident response team to investigate the full impact of the attack.Â
Schneider did not disclose how the hackers could access computer systems or whether any specific ransom demand was made.Â
Cactus Ransomware has emerged as a rapidly growing strain in recent months, according to researchers at Avertium and Kroll. The ransomware group began targeting major companies in March 2023, often leveraging VPN devices to gain initial access.Â
Cactus deploys legitimate tools, including AnyDesk, Splashtop and SuperOps RMM, according to Avertium.Â
In November, Cactus Ransomware exploited vulnerabilities in Qlik Sense, a cloud analytics and business intelligence platform, to launch an exploitation campaign, according to a blog post by Arctic Wolf.
