Cactus to Clop to HellCat

DailyPost 2965

Very rarely is a topic so intriguing. It would take an effort to unravel it, but it is certainly doable given the quantum of information available in the public domain, more so when it relates to IT / cyber security. Without making it a riddle, the simple answer is that all three are ransomware groups. There are any number of other gangs too, so the reason these three have been put together in sequence in the title is that all of them have attacked Schneider Electric in the last 18 months. You can well imagine the existential danger this poses to any organisation.

The message connected to the current ransomware attack by HellCat refers to the new Schneider Electric Chief Executive Olivier Blum, who took over as CEO this week. His predecessor Peter Herweck was removed due to “divergences in the execution of the company roadmap at a time of significant opportunities.” The HellCat attack is the third time Schneider has been hit by ransomware in the last 18 months. In Jan 2023 the company’s Sustainability Business Division was targeted by the Cactus ransomware gang, leading to the theft of corporate data and the disruption of its cloud platforms.

Another ransomware attack took place in June 2023, by Cl0p, in a campaign exploiting a vulnerability in Progress Software’s MOVEit managed file transfer (MFT) software. Schneider Electric confirmed the breach and implemented security measures. The latest attack is by the ransomware group HellCat, which threatens to dump 40 GB of data. The attackers have claimed responsibility for the new ransomware variant. The cyber security incident involved unauthorised access to one of the internal project execution tracking platforms, which was hosted in an isolated environment.

The company was listed on one of the leak sites. The attackers have demanded a $150,000 ransom, and the gang is looking for payment in Monero, a privacy-focused cryptocurrency. HellCat claims to hold 40 gigabytes of data from the company’s JIRA platform, “including projects, issues, and plugins, along with over 400,000 rows of user data.” The data could include sensitive and proprietary information about employees and major projects. If we delve into HellCat’s history, it has previously published records it claims to be from the Jordan Ministry of Education and Tanzania’s College of Business Education.

THE AUDACITY OF RANSOMWARE GANGS HAS PUT THE CYBER WORLD ON ITS HEAD.
Sanjay Sahay

Have a nice evening.
