Johnson Controls International, a major building automation company, recently suffered a significant ransomware attack that encrypted many of its devices, including VMware ESXi servers. This attack had widespread consequences, impacting both the company and its various subsidiaries, such as York, Tyco, Luxaire, Coleman, Ruskin, Grinnell, and Simplex. The attack is reported to have originated from a breach in the company's Asia offices and resulted in the shutdown of parts of its IT systems.

Customers of Johnson Controls subsidiaries began to experience technical outages on websites and customer portals, with some being informed that the outages were due to a cyberattack. The ransomware gang behind the attack, known as Dark Angels, reportedly demanded a $51 million ransom in exchange for a decryptor and the deletion of stolen data. They also claimed to have stolen over 27 TB of corporate data and encrypted the company's virtual machines.

After initial reports, Johnson Controls confirmed the cybersecurity incident and stated that they are working with external cybersecurity experts to investigate the attack and coordinating with insurers. The incident has caused disruptions to parts of the company's business operations, and the extent of the impact on the company's financial results and ability to release fourth-quarter and full fiscal year results is being assessed.

Dark Angels is a ransomware operation that emerged in May 2022, targeting organizations globally. They employ tactics such as data theft for double-extortion attacks and encrypting all devices on a network once they gain access to the Windows domain controller. The Linux encryptor used in the Johnson Controls attack is similar to ones used by Ragnar Locker since 2021. Dark Angels also operates a data leak site called 'Dunghill Leaks' to extort victims, listing several organizations that have fallen victim to their attacks, including Sabre and Sysco.

How do you prevent yourself from falling victim?

IP Services can play a pivotal role in safeguarding your network from ransomware attacks by implementing our VisibleOps Best Practices. Our expertise includes establishing robust network defenses that encompass advanced threat detection and response mechanisms. We ensure that your network has up-to-date and reliable backups, offering a crucial lifeline in case of ransomware incidents. IP Services also excels in user access management, enforcing stringent authentication protocols, and implementing multi-factor authentication to thwart unauthorized entry. Our proactive approach includes regular software updates and patch management to eliminate potential vulnerabilities. By monitoring your network continuously and providing comprehensive employee training on cybersecurity best practices, IP Services ensures that your organization is well-prepared to identify and mitigate ransomware threats effectively. With a well-defined incident response plan and IP Services' support, your network stands fortified against the ever-evolving ransomware landscape.
