The global pioneer in the production of security equipment, among other solutions, Johnson Controls International (JCI) suffered a ransomware attack. The Johnson Controls cyberattack was announced via an official Security and Exchange Commission (SEC) filing.
The cyberattack seems to have hampered the company’s IT infrastructure. According to the filing, the Johnson Controls data breach affected a portion of their system.
According to online reports, the Johnson Controls cyberattack was first reported in Asia and affected the company’s devices, such as the VMware ESXi servers.
The data breach has also reached the point of a ransom demand, although no threat actor has been named at this point.
The Johnson Controls data breach decoded
The Johnson Controls data breach ransom amount is estimated to be around $51 million. The threat actor has also claimed to delete the “27 terabytes of stolen data”.
According to official reports, the Johnson Controls data breach took place when the company fell victim to a ransomware attack.
The attack was orchestrated by an unknown hacker group, which encrypted the company’s data, disrupting operations across its subsidiaries, including York, Tyco, Luxaire, and others.
The impact of the Johnson Controls cyberattack is still reverberating through the company. Several subsidiaries, such as York, Simplex, and Ruskin, experienced technical issues, as evidenced by outage messages on their respective websites and customer portals.
The incident has not only exposed vulnerabilities in the company’s IT infrastructure but also raised questions about its preparedness for future cyber threats.
Johnson Controls Hacked: Past Incidents and lessons learned
This Johnson Controls data breach is not the first incident that the company has faced. In a similar incident in 2017, and 2019, the company faced a similar attack.
The Johnson Controls cyberattack in 2017 was limited to the company’s surveillance cameras in Washington, D.C. The subsequent Johnson Controls ransomware attack in 2019 made the company release a product security advisory.
This advisory addressed a vulnerability exploited in the Microsoft SMB protocol amounting to the JCI cyberattack. The vulnerability exploitation potentially impacted specific Metasys installations and led to the ransomware attack on Johnson Controls International.
In response, the company even published a white paper focusing on mitigating the risk of the Johnson Controls ransomware attack in smart buildings, highlighting the importance of proactive cybersecurity measures.
The aftermath of the Johnson Controls cyberattack has left some aspects of Johnson Control’s IT infrastructure vulnerable, with potential repercussions on its financial performance.
With a solid market cap of $37.11 billion, the company’s P/E ratio of 18.19 reflects a trading price relative to its near-term earnings growth. However, the disruption caused by the JCI data breach introduces an element of uncertainty into the company’s financial outlook
As investigations continue into this Johnson Controls cyberattack, stakeholders and industry experts alike will be closely monitoring how Johnson Controls navigates through this crisis.
The forthcoming earnings report, scheduled for November 9, 2023, will offer valuable insights into the financial impact of the JCI ransomware attack and the firm’s resilience in the face of evolving cyber threats.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.