Johnson Controls data breach: $51 million ransom demanded


In a surprising turn of events, a data breach at Johnson Controls has been reported. Johnson Controls cyberattack announced via official Security and Exchange Commission (SEC) deposit.

The cyberattack appears to have hampered the company’s IT infrastructure. According to the filing, Johnson Controls data breach affected part of their system.

According to online reports, the Johnson Controls cyberattack was first reported in Asia and affected corporate devices, such as VMware ESXi servers.

The data breach has also reached the stage of a ransom demand, although no threat actors have been named at this stage.

Johnson Controls data leak decrypted

The Johnson Controls data breach ransom amount is estimated to be around $51 million. The threat actor also claimed to have deleted the “27 terabytes of stolen data.”

According to official reports, the Johnson Controls data breach took place when the company suffered a ransomware attack.

The attack was orchestrated by an unknown person pirate group, which encrypted company data, disrupting the operations of its subsidiaries, including York, Tyco, Luxaire and others.

The impact of Johnson Controls cyber the attack is still reverberating throughout the company. Several subsidiaries, such as York, Simplex and Ruskin, experienced technical issues, as evidenced by outage messages on their respective websites and customer portals.

The incident not only revealed vulnerabilities in the company’s IT infrastructure, but also raised questions about its preparedness for future cyber threats.

Johnson Controls Data Breach Incident: Past Incidents and Lessons Learned

This Johnson Controls data breach is not the first incident the company has faced today. In similar incidents in 2017 and 2019, the company faced a similar attack.

While in 2017 the attack was limited to the company’s premises surveillance cameras in Washington, DC, which was reportedly the victim of a ransomware attack, the subsequent cyberattack in 2019 caused the company to issue a product security advisory due to a ransomware attack targeting a vulnerability in the Microsoft SMB protocol, which could impact specific Metasys installations.

In response, the company even released a white paper focused on mitigating the risk of ransomware in smart buildings, highlighting the importance of proactive cybersecurity measures.

The aftermath of the Johnson Controls cyberattack left aspects of Johnson Control’s IT infrastructure vulnerable, with potential impacts on its financial performance.

With a solid market cap of $37.11 billion, the company’s P/E ratio of 18.19 reflects trading price relative to its near-term earnings growth. However, the disruption caused by the cyberattack introduces an element of uncertainty into the company’s financial outlook.

As investigations continue into this Johnson Controls cyberattack, stakeholders and industry experts will closely monitor how Johnson Controls navigates this crisis.

The next results report, scheduled for November 9, 2023, will offer valuable information on the financial impact of the incident and the resilience of the company in the face of evolving cyber threats.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only and users take full responsibility for their reliance on it. Le Cyber ​​Express assumes no responsibility for the accuracy or consequences of the use of this information.

Leave a comment