A fairly new hacking gang has emerged on the scene, claiming to have stolen 27Tb of sensitive data from one of the world's largest building automation companies – Johnson Controls.

The gang go by the name of the Dark Angels Team and are currently demanding a ransom of $51M for the decryptor to unlock the ransomed files.

Johnson Controls Ransom note – Dark Angels Team

Johnson Controls has not yet publicly announced that an attack has occurred, but some of their brands have posted statements on their websites saying that systems are currently disrupted due to an IT outage.

Some posts about the issues are surfacing on social media, such as Reddit, with customers and installation engineers expressing frustration at not being able to contact the company to order parts.

Twitter user @MalGamy12 posted some information about the attack, along with a couple of file hashes which show that the malware used by the gang is a slightly reworked version of a sample which was first uploaded to VirusTotal a little over a year ago.

VirusTotal samples of Dark Angels malware

Who are Johnson Controls?

Johnson Controls are an American-Irish multinational company whose headquarters are in Cork, Ireland.

The company manufactures fire, HVAC, and security equipment for buildings all across the world and employs over 100,000 people across six continents.

The company has been at the front of building control manufacture since 1883, when its founder, Warren Johnson, filed a patent for the first electric room thermostat. Since then, the company has produced control equipment under a number of brands including York, TempMaster, Metasys, Panoptix, Frick, and Sabroe.

A small selection of some building automation products made by Johnson Controls

The company helps organisations improve their buildings' energy efficiency and has equipment installed in some of the world's most famous buildings, including the Empire State Building and the Burj Khalifa.

Devastating data loss

A data theft is a devastating thing for any company to face, but when a company which is at the forefront of its industry is hit, the effects can be far-reaching.

The loss of such a huge amount of data can mean many things. Firstly, there’s the potential loss of Personally Identifiable Information (PII) of both staff and customers which could see the company hit with regulatory fines, and a loss of reputation / customers as a result.

Secondly, there’s the loss of intellectual property, which could see competitors take advantage of years of research and development at Johnson Controls to build new products without having to spend millions on their own R&D.

Another consideration is the fact that if any source code has been leaked, or if the data contains access keys to customer systems, then this could lead to other supply-chain attacks against companies all across the world.

With the ever-interconnected world we live in, it would be a surprise if there isn’t data which could allow other threat actors access to systems in thousands of companies.

This could be a breach which has the potential to be something that keeps biting.