Hackers demand France’s Schneider Electric pay a lot of dough for stolen data — a US$125k ransom — in baguettes

Malay Mail
Malay Mail

KUALA LUMPUR, Nov 7 — Hackers who reportedly may have stolen 40GB of data from France’s Schneider Electric, are demanding a US$125,000 (RM551,130) ransom — in baguettes.

Cybersecurity news site Bleeping Computer reported that a hacker group may have data from the major French energy management and automation engineering group, after successfully penetrating the firm’s JIRA system.

Meanwhile, X user Greppy who is thought to have (or had) connections with the Hellcat ransomware gang, revealed an example chunk of data.

More details about the purported nature and scale of the data haul, as well as the boulangerie product demands, were published on the dark web.

If ransom demands aren’t fulfilled, sensitive data, including information about company projects, staff, and user data, could be exposed.

According to the hacker(s), the stolen info includes: “critical data, including projects, issues, and plugins, along with over 400,000 rows of user data,” which weighs in at 40GB compressed.

The ransom was promised to be cut in half should Schneider publicly admit to the latest data breach, reduced to US$62,500 (RM275,560) — presumably to be paid in baguettes as well.

It is not known if Schneider has complied with the admission clause, as it’s statement to Bleeping Computer did not confirm the scale of the purported breach.

“Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment,” Schneider Electric it said in a statement to Bleeping Computer.

The firm also said its Global Incident Response team was on the case straight away, but insisted that “Schneider Electric’s products and services remain unaffected.”

Bleeping Computer also talked to Greppy (or Grep), who indicated a new hacking group called ICA had been formed, which doesn’t extort cash from companies if they admit being breached within 48 hours.