Ransomware gang demands ransom payment in baguettes in Schneider Electric data breach
French multinational digital automation and energy firm Schneider Electric SE has been breached and had data stolen, but in a strange twist, those behind the theft are demanding a ransom payment in baguettes.
Exactly when the breach took place is unclear, but claims that the company had been breached first appeared on X Inc. (formerly Twitter) over the weekend, according to Bleeping Computer. Schneider Electric subsequently confirmed the breach on Monday, saying that it was investigating a "cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms, which is hosted within an isolated environment."
A ransomware gang called Hellcat has claimed responsibility, saying it gained access to Schneider Electric's infrastructure through the company's Atlassian Corp. Jira install. "This breach has compromised critical data, including projects, issues, and plugins, along with over 400,000 rows of user data, totaling more than 40GB compressed data," the hacking group writes on its dark web leak site.
Then it gets interesting, with the group writing, "to secure the deletion of this data and prevent its public release, we require a payment of $125,000 USD in Baguettes," before adding, "failure to meet this demand will result in the dissemination of the compromised information."
Notably, though, the number of baguettes Schneider Electric might be up for has now been reduced, with the group also writing that "stating this breach will decrease the ransom by 50%, it's your choice, Olivier." Olivier refers to Chief Executive Officer Olivier Blum, and with Schneider admitting to the breach, the ransom due is presumably now $62,500 in baguettes.
Although it's unlikely Schneider Electric will cough up the dough, the deadline for the baguette payment is Nov. 7, after which Hellcat promises to release the stolen data.
The Hellcat ransomware group first gained attention in October when it targeted high-profile entities like Israel's Knesset and Jordan's Ministry of Education, exfiltrating sensitive data and demanding substantial ransoms. Until now, the group has established a reputation for targeting government institutions and educational organizations, leveraging its access to critical data to coerce victims into paying.
Hellcat operates by infiltrating systems, extracting vast amounts of sensitive information and threatening to release it unless their ransom demands are met. Like many similar groups, they often publicize their breaches on the dark web to pressure victims and enhance their visibility.