Leading Multinational Conglomerate Company Hit Hard by Ransomware Attack

    Johnson Controls International—a leading multinational manufacturer of high-end fire, HVAC, and security equipment—disclosed the high-stakes cyber slowdown it encountered on 27 September. This comes right after an initial breach at its Asia office, according to CYBERSECURITY DIVE. The tech giant skipped providing further details on the nature of the attack. However, security experts identified it as a ransomware attack. Dark Angels, a notorious ransomware group, has been specified as the perpetrator behind this attack. 

    The company revealed the cyberattack in an 8-K Form filed with the Securities and Exchange Commission (SEC). This high-risk cyber incident has left JCI reeling. It has severely affected some of its “internal information technology infrastructure and applications,” according to the report. 

    In addition, two of its prominent subsidiaries, York and Simplex, are showing notifications of a “technical outage” on their login pages and customer portals.

    “The incident has caused, and is expected to continue to cause, disruption to parts of the company’s business operations,” JCL confirmed in the SEC filing.

    The hackers used file-encrypting ransomware to infiltrate part of the company’s mission-critical internal IT and application systems. Dark Angels have claimed to encrypt VMware ESXi virtual machines and exfiltrated over 25 TB of critical business data during the incident. 

    The attackers demanded $51 million in exchange for control of JCI’s data and the guarantee to delete the stolen information.

    The cybergang stated: “HELLO dear Management of Johnson Controls International! If you are reading this message, it means that: your network infrastructure has been compromised, critical data was leaked, files are encrypted, backups are deleted. The best and only thing you can do is to contact us to settle the matter before any losses occur.”

    The severity of the crisis has raised national security concerns in the US. It has prompted the Department of Homeland Security (DHS) to investigate the aftermath individually. JCI serves as a government contractor. The DHS suspects that sensitive physical security information may have been stored on the compromised servers. The extent of the breach’s impact on DHS facilities and systems remains under scrutiny.

    In the SEC filing, the company confirms that many of its systems are operational. To mitigate the effects and fallout from the breach, the company has also launched a robust incident management and protection plan.

    “The company’s investigations and remediation efforts are ongoing,” Johnson Controls said in the filing. “The company is assessing whether the incident will impact its ability to timely release its fourth quarter and full fiscal year results, as well as the impact on its financial results.”

    The successful orchestration of a massive cyberattack on the prominent maker of industrial control systems acts as a stark reminder that no organisation is immune to cyber risks. The implications extend far beyond JCI. This highlights the urgent need for businesses—regardless of their size—to augment their cybersecurity postures and preparedness.
    Organisations looking to track down security vulnerabilities before they turn into cyberattacks are urged to leverage high-end PTaaS services such as Rootshell Security.

    By deploying an ongoing, real-time, and holistic security strategy, such services help maintain and enhance an organisation’s security posture and enable effective protection against security threats.

    Don't miss out!

    Sing up for our newsletter to stay in the loop.

    Featured Article

    Cutting Costs without Cutting Corners: The Benefits of Efficient IVR Systems in Banking and Utilities

    We live in a world where customer service is very, very important. If someone leaves your business feeling dissatisfied, you can be sure they’ll...

    Latest articles

    From Our Advertisers


    Related articles