Johnson Controls hit by ransomware attack

CORK, Ireland – A data breach has resulted in a large-scale ransomware attack perpetrated against Johnson Controls International.

The news comes courtesy of a regulatory filing made on Wednesday, Sept. 27, 2023, in which Johnson Controls details a cybersecurity incident that affected portions of its internal information technology infrastructure and applications, according to the filling. While the company notes it has implemented workarounds for affected systems and said that many remained unaffected, the company cautioned that it expects there will still be disruptions to some operations.

“The company is assessing whether the incident will impact its ability to timely release its fourth quarter and full fiscal year results, as well as the impact to its financial results,” Johnson Controls said in the filing.

According to an article published by technology news website Bleeping Computer quoting an anonymous source, the attack originated from a breach that occurred in Johnson Control’s Asia offices. Sources told the online publication that the perpetrators are a ransomware gang known as the Dark Angels who are demanding a $51 million ransom fee for the reported 27 TB of corporate data, in addition to the encryption of company systems.

“The company continues to assess what information was impacted and is executing its incident management and protection plan, including implementing remediation measures to mitigate the impact of the incident, and will continue taking additional steps as appropriate,” Johnson Controls wrote.

Security Systems News (SSN) reached out to Johnson Controls for comment. In a reply representatives from the company stated, "We have experienced disruptions in portions of our internal information technology infrastructure and applications resulting from a cybersecurity incident. Promptly after detecting the issue we began an investigation with assistance from leading external cybersecurity experts and are also coordinating with our insurers. We continue to assess what information was impacted and are executing our incident management and protection plan, including implementing remediation measures to mitigate the impact of the incident, and will continue taking additional steps as appropriate."

They added, "To date, many of our applications are largely unaffected and remain operational. To the extent possible, and in line with our business continuity plans, we implemented workarounds for certain operations to mitigate disruptions and continue servicing our customers. However, the incident has caused, and is expected to continue to cause, disruption to parts of our business operations. We are assessing whether the incident will impact our ability to timely release our fourth quarter and full fiscal year results, as well as the impact to our financial results.”