Johnson Controls International (JCI) has disclosed that it fell victim to a cyberattack that resulted in disruptions to its internal IT infrastructure, according to a recent filing with the US Securities and Exchange Commission (SEC). The company has also reported that two of its subsidiaries, Simplex and York, are experiencing technical outages on customer portals and login pages.
The severity of the attack was further highlighted when Gameel Ali, a researcher at Nextron Systems, shared a ransom note on Twitter from a cybergang known as Dark Angels. The note stated that Johnson Controls’ network infrastructure had been compromised, critical data had been leaked, files were encrypted, and backups had been deleted. The note also urged the company’s management to contact the attackers to resolve the issue before any losses occurred.
It is believed that the Dark Angels group managed to steal more than 27 terabytes of data from Johnson Controls and encrypt the company’s VMware ESXi machines as part of a ransomware attack. This is highly concerning, as Johnson Controls is a leading provider of digital technologies and services for buildings in industries such as healthcare, airports, hotels, and stadiums. Lior Yaari, CEO and co-founder of Grip Security, warned that if the breach extends beyond the company itself to the systems used by their customers, it could have disastrous consequences for businesses across various sectors.
Johnson Controls, in its SEC filing, stated that its applications remain operational and unaffected by the cyberattack. However, the company is currently assessing the financial impact on its fiscal year results. In response to the incident, Johnson Controls has implemented an incident management and protection plan to mitigate any further fallout from the attack.
The cyberattack on Johnson Controls serves as a reminder of the ever-increasing threat of cybercriminals targeting organizations’ IT infrastructure. Companies across all industries must ensure they have robust cybersecurity measures in place to protect themselves against such attacks. In recent years, the frequency and sophistication of cyberattacks have escalated, making it imperative for businesses to invest in cybersecurity solutions that can detect, prevent, and respond to these threats effectively.
Given the sensitive nature of the data handled by Johnson Controls and its subsidiaries, it is crucial for the company to conduct a thorough investigation into the attack and identify any potential vulnerabilities in its systems. This will allow Johnson Controls to strengthen its cybersecurity defenses and safeguard its operations and customers’ data in the future.
The incident also underscores the importance of timely and transparent communication during a cyberattack. By promptly disclosing the breach and its impact, Johnson Controls has demonstrated a commitment to keeping its stakeholders informed. This approach not only helps to manage the immediate fallout but also enhances trust and confidence in the company’s ability to handle such incidents.
As the investigation into the cyberattack continues, it is essential for Johnson Controls to collaborate closely with law enforcement agencies and cybersecurity experts to identify the perpetrators and hold them accountable for their actions. Additionally, the company should consider conducting regular security audits and risk assessments to proactively identify and mitigate any potential cybersecurity vulnerabilities.
In conclusion, the cyberattack on Johnson Controls and its subsidiaries serves as a sobering reminder of the ongoing and evolving threats faced by organizations in today’s digital landscape. By learning from incidents like these and strengthening their cybersecurity defenses, companies can better protect themselves, their customers, and the critical data they handle.