Johnson Controls Data Breach: $51M Ransom Demanded


In a startling turn of events, a Johnson Controls data breach has been reported. The Johnson Controls cyber attack was announced via an official Security and Exchange Commission (SEC) filing.

The cyber attack seems to have hampered the company’s IT infrastructure. According to the filing, the Johnson Controls data breach affected a portion of their system.

According to online reports, the Johnson Controls cyber attack was first reported in Asia and affected the company’s devices, such as the VMware ESXi servers.

The data breach has also reached the point of a ransom demand, although no threat actor has been named at this point. 

The Johnson Controls data breach decoded

The Johnson Controls data breach ransom amount is estimated to be around $51 million. The threat actor has also claimed to delete the “27 terabytes of stolen data”. 

According to official reports, the Johnson Controls data breach took place when the company fell victim to a ransomware attack.

The attack was orchestrated by an unknown hacker group, which encrypted the company’s data, disrupting operations across its subsidiaries, including York, Tyco, Luxaire, and others.

The impact of the Johnson Controls cyber attack is still reverberating through the company. Several subsidiaries, such as York, Simplex, and Ruskin, experienced technical issues, as evidenced by outage messages on their respective websites and customer portals. 

The incident has not only exposed vulnerabilities in the company’s IT infrastructure but also raised questions about its preparedness for future cyber threats.

Johnson Controls data breach incident: Past Incidents and lessons learned

This Johnson Controls data breach is not the first incident that the company has faced today. In a similar incident in 2017, and 2019, the company faced a similar attack. 

While in 2017 the attack was limited to the company’s surveillance cameras in Washington, D.C., which allegedly fell victim to a ransomware attack, the subsequent cyber attack in 2019 made the company release a product security advisory due to a ransomware attack targeting a vulnerability in the Microsoft SMB protocol, potentially impacting specific Metasys installations. 

In response, the company even published a white paper focusing on mitigating the risk of ransomware in smart buildings, highlighting the importance of proactive cybersecurity measures.

The aftermath of the Johnson Controls cyber attack has left some aspects of Johnson Control’s IT infrastructure vulnerable, with potential repercussions on its financial performance.

With a solid market cap of $37.11 billion, the company’s P/E ratio of 18.19 reflects a trading price relative to its near-term earnings growth. However, the disruption caused by the cyber attack introduces an element of uncertainty into the company’s financial outlook.

As investigations continue into this Johnson Controls cyber attack, stakeholders and industry experts alike will be closely monitoring how Johnson Controls navigates through this crisis.

The forthcoming earnings report, scheduled for November 9, 2023, will offer valuable insights into the financial impact of the incident and the company’s resilience in the face of evolving cyber threats.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.





Source link