Ransomware Attacks Continue: Johnson Controls International Hit
Authored by Kyle Kimerer


What comes after Thursday, but before Saturday?

Of course... Cyber Friday!

And we're back with another story that is starting to become a recurring theme, much to large corporations' chagrin.

Ransomware. And breaches.

Yep, another week, another massive attack. Hackers just keep finding ways into large infrastructures, don't they?

Johnson Controls International Hit by Ransomware

So, over the last weekend, Johnson Controls International, based in Cork, Ireland, experienced a major ransomware attack, which was speculated to have come from one of their Asia offices. Portions of their IT systems were shut down, including specific applications vital to business functions. The ransomware encrypted servers, like VMware and ESXi devices, and the group responsible claims to have exfiltrated over 27 TB of data.

Even subsidiaries of the building automation giant, like Simplex and Ruskin, have had to deal with technical outages due to this event.

Yikes.

Now, as with any ransomware attack of a similar stature, Johnson Controls was forced to file a Form 8-K with the SEC, which notifies investors and stockholders of significant events that could impact their stakes. The stock price has since declined, seeing a 5.7% downturn yesterday morning.

What's more, the group responsible for the attack is demanding $51 million in ransom from Johnson Controls.

Threat Actors: Dark Angels

And who is this group, you may ask?

Well, they're named Dark Angels, which may or may not be a nod to the Space Marine Legion in the wargame, Warhammer 40k.

Dark Angels have been around since about May of 2022, and here is what we know about the way they carry out a ransomware attack:

They display a homepage to each victim accessible via URL. Here's a look:


Then, the header of the page contains a countdown, and a victim might see instructions such as these:


They even have a support chat where negotiations for the ransom payment may take place. The above example doesn't necessarily reflect the current situation with Johnson Controls, but it is a look into what Dark Angels is capable of.


Outlook for Large Attack Prevention

Alright, it seems like a lot of large companies have been getting hit as of late. And it surely makes you wonder how multi-billion dollar organizations are still just as susceptible to attacks as anyone else, right?

What, if any, are the overarching gaps across these industries that are being exploited?

A lack of funding in cybersecurity systems?

Not enough tools to combat security threats?

Maybe, but in these recent cases, money and quantity of resources are likely not substantial factors.

Because listen, you can throw money at the problem all you want. You can have the latest and greatest technology at your fingertips, and a cyber-insurance policy that protects you down to a coffee spill on your keyboard.

The problem, it seems, is the lack of cohesiveness and the vision of the big picture when it comes to information technology.

Whether you are TikTok, MGM, T-Mobile, or another giant organization, the cybersecurity landscape today demands a holistic approach to security, from endpoint detection to incident response, disaster recovery, operational safeguarding, and CONSTANT threat assessments.

You have to move fast. Faster than those trying to exploit you. And even when you feel that you are completely protected, don't trust that sense of security. Always look to innovate and improve processes, because the second you fall short in one small area is the second that vulnerability becomes the back door to an attack.

Farewell, cyber-nerds. Have a great weekend.




