Schneider Electric Ransomware Attack Commentary from Daniel Lattimer, Area VP, Semperis
January 2024 by Daniel Lattimer, Vice President, Semperis
The reported ransomware attack on Schneider Electric appears to be a deliberate and calculated attack on the company's Sustainability Business Division. While this is purely speculation at this time, the timing is curious: it came just days before the company releases its annual financial results, and ransomware attacks often become material events quickly once data has been stolen. In Schneider's case, we are talking about terabytes of data.
Any attack on a critical infrastructure provider is significant. As the names of some of the Sustainability Business's customers surface, it appears the threat actors knew exactly what they were attacking, and the ramifications of their actions could be considerable.
This ransomware attack is another reminder that even giant, global organisations with world-class security professionals and incident responders on staff can still be victimised. With 150,000 employees worldwide, the attack surface is massive, and deliberate, motivated and persistent threat actors will eventually find a gap in the digital footprint of any company.
The good news is that Schneider is working diligently to eliminate the remaining business disruptions the attack caused, and hopefully it will be operating fully again in the coming days.
It is essential for organisations to understand that they will all likely be targeted by ransomware gangs at some point in the next six to twelve months. That is a harsh reality today for every organisation and government agency. Preparing for the inevitable now, during peacetime, is critical to limiting business disruption. Companies can improve their operational resiliency by knowing which systems are critical, including infrastructure such as Active Directory. By preparing in peacetime, defenders can make their organisations sufficiently difficult to compromise that attackers move on to softer targets. Companies should also monitor their Active Directory environment for unauthorised changes, since threat actors abuse AD in most attacks, and maintain real-time visibility of changes to privileged accounts and groups.
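As a concrete illustration of that last point, the script below is an added example, not part of the original commentary and not Semperis's product or code. It shows one way to get that visibility with built-in Windows tooling: it diffs the current membership of Tier-0 Active Directory groups against a baseline recorded in peacetime, then pulls the recent group-membership-change events from the Security log so an unexpected change can be tied to the account that made it. The group list, baseline path and lookback window are assumptions to adjust. It assumes it runs on a domain controller (or a host with RSAT) as an account that can read AD and the Security log, with the "Audit Security Group Management" audit subcategory enabled, and it watches only direct membership changes, so ACL-based paths to privilege (for example changes to AdminSDHolder or to a group's own permissions) need separate monitoring.

```powershell
# Added example (not from the original commentary): a minimal watch for changes
# to Tier-0 Active Directory groups, in two parts:
#   1. diff current membership of privileged groups against a saved baseline
#   2. pull recent group-membership-change events from the Security log
# Assumptions: run on a DC (or a host with RSAT) as an account that can read AD
# and the Security log; audit subcategory "Audit Security Group Management" is
# enabled so events 4728/4732/4756 (and their removal counterparts) are logged.
# The baseline path, group list and lookback window are placeholders to adjust.

$BaselinePath  = 'C:\ADWatch\tier0-baseline.json'   # hypothetical path
$Tier0Groups   = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
                   'Administrators', 'Account Operators', 'Backup Operators')
$LookbackHours = 1

Import-Module ActiveDirectory -ErrorAction Stop

function Get-Tier0Membership {
    # Recursive expansion so a principal nested via an intermediate group is still seen.
    # @( ) around the pipeline yields an empty array (not @($null)) when a group is empty.
    $snapshot = @{}
    foreach ($g in $Tier0Groups) {
        $snapshot[$g] = @(Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
                          Select-Object -ExpandProperty distinguishedName |
                          Sort-Object)
    }
    return $snapshot
}

$current = Get-Tier0Membership

if (-not (Test-Path $BaselinePath)) {
    # First run: record the known-good state while in "peacetime".
    New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
    $current | ConvertTo-Json -Depth 4 | Set-Content -Path $BaselinePath
    Write-Host "Baseline written to $BaselinePath"
} else {
    $baseline = Get-Content $BaselinePath -Raw | ConvertFrom-Json
    foreach ($g in $Tier0Groups) {
        # ConvertFrom-Json returns a scalar for one-element arrays and $null for
        # missing keys; normalise both sides to arrays of non-empty DNs.
        $before = @($baseline.$g | Where-Object { $_ })
        $after  = @($current[$g] | Where-Object { $_ })
        $added   = @($after  | Where-Object { $before -notcontains $_ })
        $removed = @($before | Where-Object { $after  -notcontains $_ })
        foreach ($m in $added)   { Write-Warning "$m ADDED TO $g (not in baseline)" }
        foreach ($m in $removed) { Write-Warning "$m REMOVED FROM $g (was in baseline)" }
    }
}

# Part 2: who made the change, and when.
# 4728/4732/4756 = member added to a security-enabled global/local/universal group;
# 4729/4733/4757 = member removed from the same group types.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4728, 4729, 4732, 4733, 4756, 4757
    StartTime = (Get-Date).AddHours(-$LookbackHours)
} -ErrorAction SilentlyContinue

foreach ($e in $events) {
    # Pull the named EventData fields out of the event XML.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # TargetUserName is the group; MemberName is the DN of the principal added/removed.
    if ($Tier0Groups -contains $data['TargetUserName']) {
        [pscustomobject]@{
            Time    = $e.TimeCreated
            EventId = $e.Id
            Group   = $data['TargetUserName']
            Member  = $data['MemberName']
            Actor   = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
            DC      = $e.MachineName
        }
    }
}
```

Run it once to write the baseline, then on a schedule; any warning or event row that does not correspond to an approved change is something to investigate. In practice the same events would be forwarded from every domain controller to a SIEM rather than polled on each one, but the fields checked here (TargetUserName for the group, MemberName for the principal, SubjectUserName for the actor) are the ones to alert on.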