{"id":2035664,"date":"2024-11-06T12:29:24","date_gmt":"2024-11-06T17:29:24","guid":{"rendered":"https:\/\/securityboulevard.com\/?p=2035664"},"modified":"2024-11-06T12:29:24","modified_gmt":"2024-11-06T17:29:24","slug":"schneider-electric-hellcat-richixbw","status":"publish","type":"post","link":"https:\/\/securityboulevard.com\/2024\/11\/schneider-electric-hellcat-richixbw\/","title":{"rendered":"Schneider Electric Confirms Ransom Hack \u2014 Hellcat Demands French Bread as \u2018Joke\u2019"},"content":{"rendered":"
\"Baguettes\"<\/a>$125,000 ransom seems small\u2014but why do the scrotes want it paid\u202f\u202fin\u202f\u202fbaguettes<\/i>?<\/strong><\/h5>\n

French manufacturing firm Schneider Electric (EPA:SU)<\/strong> was attacked last week. The Hellcat gang\u2014formerly International Contract Agency\u2014claimed it stole the data of 400,000 customers and employees.
\n
\nKnown as \u201cGrep\u201d or \u201cGreppy,\u201d<\/strong> the hacker\u2019s searching for baguettes in payment. In today\u2019s SB\u202f\u202fBlogwatch<\/a>, we want fries with that.
\n
\nYour humble blog\u00adwatcher<\/a> curated these bloggy bits for your enter\u00adtain\u00adment. Not to mention:\u202f\u202fU2 vs. Guns N\u2019 Roses<\/i>.
\n<\/p>\n

That\u2019s a Lot of Pain<\/i><\/h2>\n

What\u2019s the craic?<\/strong> Lawrence Abrams broke the story: Schneider Electric confirms dev platform breach after hacker steals data<\/a><\/p>\n

\u201c$125,000 in \u2018Baguettes\u2019<\/tt>\u201d<\/strong>
\nSchneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from the company’s JIRA server. \u2026 Schneider Electric is a French multinational company that manufactures\u202f\u2026\u202fproducts ranging from household electrical[s]\u202f\u2026\u202fto enterprise-level industrial control and building automation.
\n\u2026
\nOver the weekend, a threat actor known as “Grep” taunted the company on X, indicating they had breached its systems. [They] say they rebranded as the Hellcat ransomware gang and are currently in the process of testing an encryptor to be used in extortion attacks. \u2026 They claimed to use a MiniOrange REST API to scrape 400k rows of user data, which Grep says includes 75,000 unique email addresses and full names for Schneider Electric employees and customers.
\n\u2026
\nThe threat actor jokingly demands $125,000 in “Baguettes” not to leak the data. \u2026 Earlier this year, Schneider Electric\u202f\u2026\u202fwas breached in a Cactus ransomware attack, where the threat actors claimed to have stolen terabytes of data.
\n<\/p>\n

Zut alors!<\/strong> Sead Fadilpa\u0161i\u0107 said: Schneider Electric says developer platform was breached, company data stolen<\/a><\/p>\n

\u201cLet\u2019s see<\/tt>\u201d<\/strong>
\nSchneider Electric has confirmed suffering its second cyberattack and data leak in recent months. \u2026 Obviously, the attacker doesn\u2019t want hundreds of thousands of baguettes \u2014 it\u2019s a joke, since Schneider Electric is\u202f\u2026\u202fFrench.
\n\u2026
\nInstead, they just want the victim company to acknowledge the breach within 48 hours. Since the company did just that, let\u2019s see if Greppy keeps their word.
\n<\/p>\n

Weak jokes R us.<\/strong> Mark Tyson tries harder: Hackers demand France\u2019s Schneider Electric pay<\/a><\/p>\n

Hand over the dough or your 40GB of secret data is toast. \u2026 The boulangerie product demands were published on the dark web.
\n<\/p>\n

All of which makes<\/strong> Jamie Jones<\/a> jest, joyfully:<\/p>\n

Maybe the crims want a slice of that action? However, they need to be careful not to leave any breadcrumbs for the police to follow, whilst hoping that the trail goes stale.
\n\u2026
\nI’ll get my coat. No knead to rise to the bait.
\n<\/p>\n

Joking aside,<\/strong> TheRealMindChild<\/a> isn\u2019t impressed much:<\/p>\n

This is a script kiddy that has no intention of actually collecting the baguettes. It is high school level shenanigans.
\n<\/p>\n

But is Jira itself vulnerable?<\/strong> u\/Tullzterrr<\/a> hopes so:<\/p>\n

I hope they hack my Jira and steal all of my tickets. Sick of this ****ing thing.
\n<\/p>\n

Wait. Pause.<\/i><\/strong> BigIrv<\/a> is cut up:\u00a0[You\u2019re fired\u2014Ed.]<\/em><\/p>\n

Duh. \u2026 Should have asked for baguette diamonds<\/i>.
\n<\/p>\n

Lost in translation?<\/strong> Marty McFly<\/a> laughs in funny money:<\/p>\n

Errr. Y’all realize there is actually a cryptocurrency called “Baguette,” right? \u2026 The total supply of BGTT is 50M units, at a value of $0.0009146 USD. That means the total supply is worth a bit over $45,000 in USD. So this ransom is impossible to pay because there is not enough BQTT in existence.
\n\u2026
\n[Perhaps] this ransom is actually an attempt to move the market. If the coin became worth a full cent, that would be a 10x on their “investment” at current prices. Their payday would be profitably selling their coins on the open market so that Schneider could have enough to actually pay the fine.
\n<\/p>\n

But what\u2019s all this about halving the ransom?<\/strong> Pierce2623<\/a> wonders if Hellcat really<\/i> cares about disclosure:<\/p>\n

To be fair, most of these hacking groups claim they\u2019re just trying to expose companies for not keeping customer data safe, etc. And then, after making that claim, they sell the people\u2019s data on the dark web because they\u2019re really just ****heads.
\n<\/p>\n

Meanwhile,<\/strong> drainbramage<\/a> channels Jean-Jacques Rousseau (not Marie Antoinette):<\/p>\n

Donut pay them! Let them eat cake.
\n<\/p>\n

And Finally:<\/h4>\n

U N\u2019 2<\/a><\/b>