Johnson Controls Suffers Ransomware Attack by Blackbasta

Johnson Controls, a multinational conglomerate specializing in industrial control systems, security equipment, air conditioners, and fire safety equipment, has been targeted by the ransomware group Blackbasta. The attack, which occurred in September 2023, resulted in the theft of over 27 TB of confidential data and cost the company $27 million in expenses related to the response and remediation efforts.

Johnson Controls operates in the Software sector and employs 100,000 people through its corporate operations and subsidiaries, including York, Tyco, Luxaire, Coleman, Ruskin, Grinnel, and Simplex. The company's size and industry position make it a significant target for cybercriminals, particularly those seeking to exploit vulnerabilities in industrial control systems and critical infrastructure.

The attack on Johnson Controls was part of a broader campaign by Blackbasta, which has been active since May 2022 and has targeted organizations worldwide. The group is known for its use of double-extortion tactics, where it steals data from file servers and threatens to leak it if a ransom is not paid.

The ransomware attack forced Johnson Controls to shut down large portions of its IT infrastructure, affecting customer-facing systems. The company has since confirmed that the incident was a ransomware attack and has been working with external cybersecurity experts to investigate and remediate the impact.

Despite the significant disruption caused by the attack, Johnson Controls has managed to contain the unauthorized activity and ensure that its digital products and services, including OpenBlue and Metasys, are available. The company is continuing to assess the extent of the data breach and the impact on its financial results.

In response to the attack, Johnson Controls has implemented remediation measures to mitigate the impact and is working to restore its systems and services. The company has also been in communication with its customers to address any disruptions caused by the incident.

The attack on Johnson Controls highlights the importance of robust cybersecurity measures in protecting critical infrastructure and sensitive data. As the threat landscape continues to evolve, organizations must remain vigilant and proactive in defending against cyberattacks.

Sources

• Johnson Controls. (n.d.). Product Security Advisories - Johnson Controls. Retrieved April 10, 2024, from https://www.johnsoncontrols.com/cyber-solutions/security-advisories
• Toulas, B. (2024, January 31). Johnson Controls says ransomware attack cost $27 million, data stolen. BleepingComputer. Retrieved April 10, 2024, from https://www.bleepingcomputer.com/news/security/johnson-controls-says-ransomware-attack-cost-27-million-data-stolen/
• Reddit. (2023, September 28). Building automation giant Johnson Controls hit by ransomware attack. Retrieved April 10, 2024, from https://www.reddit.com/r/HVAC/comments/16uftkt/building_automation_giant_johnson_controls_hit_by/