Building Automation


Massive Ransomware Attack at Johnson Controls

September 24, 2023

Johnson Controls International suffered a massive ransomware attack. The attack encrypted many of the company devices, including VMware ESXi servers, impacting the company’s and its subsidiaries’ operations. Johnson Controls shut down portions of its IT systems over the weekend. After which many of its subsidiaries, including York, Simplex, and Ruskin, begun to display technical outage messages on website login pages and customer portals.

Customers of York report that they are told the company’s systems are down. “Their computer system crashed over the weekend. Manufacturing and everything is down,” a York customer posted to Reddit. “I talked to our rep and he said someone hacked them,” posted another customer. This morning, Nextron Systems threat researcher Gameel Ali tweeted a sample of a Dark Angels VMw. BleepingComputer reports the ransom note links to a negotiation chat where the ransomware gang demands $51 million to provide a decryptor and to delete stolen data. The threat actors also claim to have stolen over 27 TB of corporate data and encrypted the company’s VMWare ESXi virtual machines during the attack.

BleepingComputer reports that the Linux encryptor used in the Johnson Controls attack is the same as ones used by Ragnar Locker since 2021. They contacted Johnson Controls with questions regarding the attack but has not received a response.

read more

Wisag Group Hacked Again a Year Later

February 9, 2023

Almost exactly a year after the first attack, the service group Wisag fell victim to hackers again. On Tuesday morning, the IT department found “irregularities” on the servers, said a spokeswoman for the Frankfurt-based company. As a result, all systems and applications were immediately taken off the network.

“At the current time, it is not apparent that customer or internal data has leaked,” it continues. “We are optimistic that we can safely put all systems back into operation as soon as possible.”

read more

IT Systems Shut Down after Ransomware Attack at Glutz, a Swiss Specialist in Access Solutions

November 28, 2022

Glutz, a specialist in access solutions, fell victim to a ransomware attack at the end of November. Cyber ​​criminals encrypted data on the systems, as the Solothurn-based company announced at the time. As a security measure, all internal IT systems have been shut down.

“Since December 7th we have been working again in limited normal operation,” writes Marco Hauri, CEO, at the request of Telephony and e-mail communication could be used consistently. The costs incurred by the attack cannot be estimated at this time.

read more