blackbasta attacks METASYS

Incident Date:

October 19, 2022

Glendale, USA

Wisconsin, USA

First Reported

October 19, 2022

Johnson Controls Suffers Ransomware Attack by Blackbasta

Johnson Controls, a multinational conglomerate specializing in industrial control systems, security equipment, air conditioners, and fire safety equipment, has been targeted by the ransomware group Blackbasta. The attack, which occurred in September 2023, resulted in the theft of over 27 TB of confidential data and cost the company $27 million in expenses related to the response and remediation efforts.

Johnson Controls operates in the Software sector and employs 100,000 people through its corporate operations and subsidiaries, including York, Tyco, Luxaire, Coleman, Ruskin, Grinnell, and Simplex. The company's size and industry position make it a significant target for cybercriminals, particularly those seeking to exploit vulnerabilities in industrial control systems and critical infrastructure.

The attack on Johnson Controls was part of a broader campaign by Blackbasta, which has been active since May 2022 and has targeted organizations worldwide. The group is known for its use of double-extortion tactics, where it steals data from file servers and threatens to leak it if a ransom is not paid.

The ransomware attack forced Johnson Controls to shut down large portions of its IT infrastructure, affecting customer-facing systems. The company has since confirmed that the incident was a ransomware attack and has been working with external cybersecurity experts to investigate and remediate the impact.

Despite the significant disruption caused by the attack, Johnson Controls has managed to contain the unauthorized activity and ensure that its digital products and services, including OpenBlue and Metasys, are available. The company is continuing to assess the extent of the data breach and the impact on its financial results.

In response to the attack, Johnson Controls has implemented remediation measures to mitigate the impact and is working to restore its systems and services. The company has also been in communication with its customers to address any disruptions caused by the incident.

The attack on Johnson Controls highlights the importance of robust cybersecurity measures in protecting critical infrastructure and sensitive data. As the threat landscape continues to evolve, organizations must remain vigilant and proactive in defending against cyberattacks.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.