News: 1730843460

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Schneider Electric ransomware crew demands $125k paid in baguettes

(2024/11/05)


Schneider Electric confirmed that it is investigating a breach as a ransomware group Hellcat claims to have stolen more than 40 GB of compressed data — and demanded the French multinational energy management company pay $125,000 in baguettes or else see its sensitive customer and operational information leaked.

And yes, you read that right: payment in baguettes. As in bread.

Schneider Electric declined to answer The Register 's specific questions about the intrusion, including if the attackers really want $125,000 in baguettes or if they would settle for cryptocurrency.

[1]

A spokesperson, however, emailed us the following statement:

"Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment. Our Global Incident Response team has been immediately mobilized to respond to the incident. Schneider Electric's products and services remain unaffected."

A ransomware crew called Hellcat claimed to have gained access to Schneider Electric's infrastructure via the $40-billion energy management giant's Atlassian Jira system.

"This breach has compromised critical data, including projects, issues, and plugins, along with over 400,000 rows of user data, totaling more than 40GB Compressed Data," the criminals [2]posted on their leak site.

[3]

[4]

The miscreants also promised to delete the data as long as the French firm hands over the dough.

[5]Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack

[6]Uncle Sam outs a Russian accused of developing Redline infostealing malware

[7]Brazen crims selling stolen credit cards on Meta's Threads

[8]Ransomware's ripple effect felt across ERs as patient care suffers

"Failure to meet this demand will result in the dissemination of the compromised information," they threatened. "Stating this breach will decrease the ransom by 50 percent, its [sic] your choice Olivier…"

"Olivier," we'd assume, is Olivier Blum, who, on Monday, was [9]announced as Schneider's new CEO. This is the same day that Hellcat added the multinational to its site of shame, which doesn't make for a pleasant first week on the job.

Also on Monday, Hellcat [10]leaked data that the group claimed belonged to Jordan's Ministry of Education and Tanzania's College of Business Education.

[11]

This is Schneider Electric's third breach in less than two years. In February, Cactus ransomware [12]infected the corporation's Sustainability Business division. And in June 2023, the French giant was among the [13]thousands of organizations and millions of individuals whose data was stolen by the [14]CL0P ransomware crew in the MOVEit attacks. ®

Get our [15]Tech Resources



[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Zyqjlxeb0I4Tip_FruD7kgAAABY&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[2] https://x.com/grepcn/status/1853450369646354625

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zyqjlxeb0I4Tip_FruD7kgAAABY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zyqjlxeb0I4Tip_FruD7kgAAABY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[5] https://www.theregister.com/2024/11/04/columbus_rhysida_ransomware/

[6] https://www.theregister.com/2024/10/29/russian_redline_malware/

[7] https://www.theregister.com/2024/10/28/crims_selling_credit_cards_threads/

[8] https://www.theregister.com/2024/10/24/ransomware_ripple_effect_hospitals/

[9] https://x.com/SchneiderElec/status/1853487404956422580

[10] https://x.com/FalconFeedsio/status/1853477812260454861

[11] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zyqjlxeb0I4Tip_FruD7kgAAABY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[12] https://www.se.com/ww/en/about-us/newsroom/news/press-releases/sustainability-business-division-of-schneider-electric-responds-to-cybersecurity-incident-65b8035eb11dced626091019

[13] https://www.theregister.com/2023/11/20/moveit_victim_77m_medical/

[14] https://www.theregister.com/2023/06/15/clop_broke_into_the_doe/

[15] https://whitepapers.theregister.com/



Baguettes

Anonymous Coward

I've had a few, but then again, too few to ransom...

Errr...

Marty McFly

Y'all realize there is actually a cryptocurrency called "Baguette", right?

"Baguette Token is a community-based meme project implemented as an ERC20 token. BGTT is distributed as a reward for contributions made to its ecosystem. Its goal is to bridge the culinary and cryptocurrency worlds and provide partnerships with bakeries all around the world. The project strongly believes in the power of memes, even quoting Elon Musk’s tweet: “Who controls the memes, control the Universe” in their whitepaper. One of Baguette Token's main goals is to usurp the king of meme coins — Dogecoin — in an aptly named event called the ‘Baguettening."

The total supply of BGTT is 50M units, at a value of $0.0009146 USD. That means the total supply is worth a bit over $45,000 in USD. So this ransom is impossible to pay because there is not enough BQTT in existence.

It is always possible some fool owns a bunch of these coins, and this ransom is actually an attempt to move the market. If the coin became worth a full cent, that would be a 10x on their "investment" at current prices. Their payday would be profitably selling their coins on the open market so that Schneider could have enough to actually pay the fine.

Re: Errr...

Doctor Syntax

It's possible they mean diamonds.

What an author likes to write most is his signature on the back of a cheque.
-- Brendan Francis