Johnson Controls hit by Dark Angels Ransomware

    The Dark Angels ransomware gang, active since May 2022, has reportedly set its sights on VMware ESXi servers within the premises of Johnson Controls International (JCI). The cyberattack initially targeted JCI’s Asian offices and subsequently spread to several subsidiary brands, including York, Tyco, Luxaire, Coleman, Ruskin, Grinnel, and Simplex.

    Johnson Controls, a renowned manufacturer of industrial equipment such as fire safety and security systems, has launched an investigation into the extent of the attack’s impact on its network. The company has assured stakeholders that it will provide more comprehensive details early next week.

    As a result of the disruption, a portion of JCI’s systems is currently offline, and the company is actively exploring strategies to mitigate associated risks. Frustrated customers of York have taken to Twitter to express their discontent, as they are unable to access the status of their booked HVAC equipment and processing systems.

    Notably, the Dark Angels ransomware group is infamous for demanding a minimum ransom of $51 million and is recognized for offering a VMware ESXi encryptor, sourced from the Babuk and Ragnar ransomware variants.

    In the case of Johnson Controls, Dark Angels reportedly exfiltrated approximately 27 terabytes of corporate data, setting the stage for a double extortion attack in the future. The company acknowledged this breach in its Form 8-K filing with the SEC and disclosed its collaboration with its cyber insurance provider and experts to address the situation.

    The course of action Johnson Controls will ultimately take in response to the hackers’ demands remains uncertain. However, the company’s website warns that certain customer-accessed applications may experience downtime, and those affected will receive formal notifications.

    Ad
    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display