Johnson Controls International—a leading multinational manufacturer of high-end fire, HVAC, and security equipment—disclosed the high-stakes cyber slowdown it encountered on 27 September. This comes right after an initial breach at its Asia office, according to CYBERSECURITY DIVE. The tech giant skipped providing further details on the nature of the attack. However, security experts identified it as a ransomware attack. Dark Angels, a notorious ransomware group, has been specified as the perpetrator behind this attack.
The company revealed the cyberattack in an 8-K Form filed with the Securities and Exchange Commission (SEC). This high-risk cyber incident has left JCI reeling. It has severely affected some of its “internal information technology infrastructure and applications,” according to the report.
In addition, two of its prominent subsidiaries, York and Simplex, are showing notifications of a “technical outage” on their login pages and customer portals.
“The incident has caused, and is expected to continue to cause, disruption to parts of the company’s business operations,” JCL confirmed in the SEC filing.
The hackers used file-encrypting ransomware to infiltrate part of the company’s mission-critical internal IT and application systems. Dark Angels have claimed to encrypt VMware ESXi virtual machines and exfiltrated over 25 TB of critical business data during the incident.
The attackers demanded $51 million in exchange for control of JCI’s data and the guarantee to delete the stolen information.
The cybergang stated: “HELLO dear Management of Johnson Controls International! If you are reading this message, it means that: your network infrastructure has been compromised, critical data was leaked, files are encrypted, backups are deleted. The best and only thing you can do is to contact us to settle the matter before any losses occur.”
The severity of the crisis has raised national security concerns in the US. It has prompted the Department of Homeland Security (DHS) to investigate the aftermath individually. JCI serves as a government contractor. The DHS suspects that sensitive physical security information may have been stored on the compromised servers. The extent of the breach’s impact on DHS facilities and systems remains under scrutiny.
In the SEC filing, the company confirms that many of its systems are operational. To mitigate the effects and fallout from the breach, the company has also launched a robust incident management and protection plan.
“The company’s investigations and remediation efforts are ongoing,” Johnson Controls said in the filing. “The company is assessing whether the incident will impact its ability to timely release its fourth quarter and full fiscal year results, as well as the impact on its financial results.”
The successful orchestration of a massive cyberattack on the prominent maker of industrial control systems acts as a stark reminder that no organisation is immune to cyber risks. The implications extend far beyond JCI. This highlights the urgent need for businesses—regardless of their size—to augment their cybersecurity postures and preparedness.
Organisations looking to track down security vulnerabilities before they turn into cyberattacks are urged to leverage high-end PTaaS services such as Rootshell Security.
By deploying an ongoing, real-time, and holistic security strategy, such services help maintain and enhance an organisation’s security posture and enable effective protection against security threats.
Sohela is an electrical engineer and a self-professed writer with a keen interest in all things tech. When she’s not writing killer content pieces, you’ll find her enjoying tempting foods in her favourite restaurants.