Largest soft drink bottle supplier, recycle and plastic manufacturers hacked by ransomware

Johnson Controls International plc operates globally as a conglomerate, boasting a varied array of products and services with a predominant focus on technologies and solutions for buildings. Their extensive portfolio includes HVAC (heating, ventilation, and air conditioning) systems, building automation solutions, components essential for managing energy, as well as fire and security systems.

Recently, the conglomerate disclosed that it fell victim to a significant ransomware attack affecting numerous systems within its network. The attack took place over a weekend, initially infiltrating systems in the company’s Asian offices before proceeding to target its VMware ESXi servers.

In response to the detected breach, Johnson Controls International took decisive action by promptly shutting down its systems. This precautionary measure was essential to halt the malware’s propagation throughout its network. The company swiftly initiated an in-depth inquiry into the incident with assistance from renowned external cybersecurity specialists. Concurrently, it is collaborating with its insurance providers on the matter.

The objective of the ongoing investigation is to establish the precise extent and impact of the breach. A crucial aspect of this review involves determining whether the incident will affect the company’s ability to release its financial results for the fourth quarter and the entire fiscal year on time. The inquiry also seeks to determine the financial impact the security breach might have on the company’s upcoming financial disclosures.

Gameel Ali, a cybersecurity researcher, has posited that the cyber extortion group Dark Angels Team is likely behind the attack on Johnson Controls. According to Ali, the group appears to have deployed a newly engineered variant of Linux ransomware for this operation. The threat actors are reportedly demanding a ransom of $51 million in exchange for a decryption tool, a figure that has been verified by other experts in the field, including the Malware Hunter Team. Preliminary analysis by researchers suggests that the ransomware deployed in this attack bears significant resemblance to the RagnarLocker Linux ransomware, initially crafted and utilized in previous cyber-attacks in 2021.

Representatives from Johnson Controls International plc issued a response stating, “Our company has encountered disruptions within specific segments of our internal IT infrastructure and applications due to a cybersecurity incident. Immediately upon identifying the problem, we initiated an investigation, enlisting the expertise of prominent external cybersecurity specialists, and commenced coordination with our insurance partners.”

The statement continued: “We are in the process of determining the extent of information affected by this incident. Concurrently, we have activated our incident management and protection protocols, which include the implementation of remediation actions designed to alleviate the incident’s impact. We are committed to taking any additional necessary steps as the situation unfolds.”

The representatives further noted, “As of now, a significant number of our applications have remained largely unaffected and operational. We have activated contingency plans for certain operations to minimize disruptions, ensuring continued service provision to our clients, where feasible. Nevertheless, we acknowledge that the incident has introduced, and will likely continue to introduce, disruptions to segments of our business operations. Currently, we are evaluating whether this cybersecurity incident will hinder our ability to release the financial results for the fourth quarter and the full fiscal year in a timely manner. We are also examining the potential impact this situation may have on our financial outcomes.”