In an unexpected twist of events, a French multinational corporation, Schneider Electric, is currently under siege from a ransomware group known as Hellcat. The group, displaying an ironic sense of humor, has demanded a ransom in the form of baguettes, a move that interestingly plays into national stereotypes. The ransomware group is demanding $125,000 worth of the iconic French bread, threatening to leak 40GB worth of Schneider Electric’s private data if their demands are not met.
While the ransom demand for baguettes might seem comical, it is far from a laughing matter for Schneider Electric. Hellcat, represented by a pseudonymous Twitter user named Grep, asserted that they have infiltrated the corporation to target “sensitive customer and operational information”. If the ransom is not paid, the group threatens to expose this information.
However, there’s a twist in the tale. Despite the public demands for baguettes, Cyberscoop reports that the group is willing to accept the crypto Monero as an alternative. Monero, a privacy-centric coin, is designed to make transactions nearly impossible to track. The coin is a common choice among cybercriminals, although it does have legitimate uses as well.
Picus Security researcher Huseyin Can Yuceel provides a perspective on the unusual ransom. According to Yuceel, the baguette-based demand is a marketing tactic, meant to differentiate this newcomer in the ransomware market. This could potentially position Hellcat to sell its services more effectively in the future.
In a statement, Schneider Electric confirmed that it is “investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms”. It reassured stakeholders, however, that their “products and services remain unaffected”.
This marks the third cybersecurity breach for Schneider Electric in less than two years. In February, the corporation’s Sustainability Business division was infected by Cactus ransomware. Then, in June 2023, it was attacked by the CL0P ransomware crew, affecting thousands of organizations and millions of individuals.
In this latest breach, Hellcat claims to have over 400,000 rows of user data in its possession. The group ended its message by addressing “Olivier”, presumably a reference to Schneider Electric’s new CEO, Olivier Blum.
Despite Schneider boasting annual revenues above $40 billion, the motives behind the ransomware attack remain unclear. With the company reporting a revenue of €36 billion (US$38 billion) at the end of last year, it appears to be a lucrative target for cybercriminals. As the situation unfolds, the cybersecurity community and Schneider Electric’s stakeholders will be watching closely.