Dive Brief:

• Schneider Electric, a France-based multinational company specializing in energy management and automation, confirmed Monday that a Jan. 17 ransomware attack impacted the company’s sustainability business division. 
• Cactus Ransomware claimed credit for the attack, Bleeping Computer reports, and the company confirmed that data was accessed. Officials from the sustainability division have contacted customers impacted by the attack. 
• The company, which has extensive operations in the U.S., is working to restore operations at the division in the next two days.

Dive Insight:

Schneider Electric said the attack directly impacted its EcoStruxure Resource Advisor platform, which is used by more than 2,000 companies worldwide. The tool is used for monitoring energy and resource data. 

The company retained outside cybersecurity experts, who are working with its internal global incident response team to investigate the full impact of the attack. 

Schneider did not disclose how the hackers were able to access computer systems or whether there was any specific ransom demand made. 

Cactus Ransomware has emerged as a rapidly growing strain in recent months, according to researchers at Avertium and Kroll. The ransomware group began targeting major companies starting in March 2023, often leveraging VPN devices to gain initial access. 

Cactus deploys legitimate tools, including AnyDesk, Splashtop and SuperOps RMM, according to Avertium. 

Cactus Ransomware in November exploited vulnerabilities in Qlik Sense, a cloud analytics and business intelligence platform, to launch an exploitation campaign, according to a blog post by Arctic Wolf.