Schneider Electric facing potential breach with unusual ransom demand: Hackers want baguettes

In a funny twist on ransomware demands, hackers have reportedly targeted Schneider Electric, the French multinational energy management company, and are demanding not just cash but baguettes as payment. The cybercriminal group, known as Hellcat, claims to have stolen over 40 GB of compressed data and is threatening to leak sensitive customer and operational information unless Schneider Electric coughs up $125,000—paid entirely in baguettes.

Schneider Electric confirmed it is investigating the incident, which allegedly involved unauthorized access to one of the company’s internal project execution tracking platforms. "Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment. Our Global Incident Response team has been immediately mobilized to respond to the incident. Schneider Electric's products and services remain unaffected," a company spokesman wrote in an email to a popular publication.

According to the ransom note, the breach reportedly stems from a vulnerability in Schneider’s Atlassian Jira system. Hellcat claims to have compromised critical project-related data, including issues, plugins, and more than 400,000 rows of user data and is pressuring Schneider to act swiftly to prevent the data from going public.

The ransom demand has garnered attention not just for its unusual nature but also for its timing. Last Monday, Schneider appointed Olivier Blum as its new CEO, marking his first week on the job with an unexpected cybersecurity crisis. The Hellcat group’s ransom note even addressed Blum directly, stating, “Failure to meet this demand will result in the dissemination of the compromised information. Your choice Olivier”.

Hellcat’s cheeky, bread-centric demand adds an odd twist to an otherwise tense cybersecurity incident. Cybersecurity experts suggest that Hellcat may be using humor to distract from a serious threat, but the risk remains significant, especially as this marks Schneider’s third major breach in less than two years.

Earlier this year, the company’s Sustainability Business division was hit by the Cactus ransomware, and in 2023, Schneider was among thousands affected by the CL0P ransomware crew in the MOVEit attacks. The trend of cybersecurity incidents at Schneider highlights the growing vulnerability of large enterprises to sophisticated attacks.