Johnson Controls Attack
Last Updated: December 6th, 2024 | 5 min read | Categories: Breach, Cybersecurity, Data Exfiltration, Ransomware

The Johnson Controls Ransomware Attack

Around September 2023, Johnson Controls International, which builds technology and industrial control systems, was hit by a large-scale ransomware attack.

Over 27 TB of data was stolen, and the ransom was set at $51 million in return for a decryption tool to unscramble the files and a confirmation that the stolen data would be erased.

The breach reportedly started in Johnson Controls’ offices in Asia, where vulnerabilities in regional systems were exploited. The attackers used ransomware built on leaked source code from Babuk and Ragnar Locker.

The Far-Reaching Impact on Johnson Controls

Johnson Controls Attack Cost

The Johnson Controls ransomware attack caused financial and operational damage and showed how far the effects of a single cybersecurity incident can spread. Johnson Controls reported a $27 million drop in net income for Q1 2024, a loss that resulted directly from the attack.

The costs included $23 million for incident response and fixing the issues. There was also an extra $4 million in lost revenue because of disruptions.

Revenue collection was delayed, and there were cash flow problems. Most supply chain operations were hampered and service delivery stopped or slowed throughout the entire infrastructure.

What Data Was Stolen in the Ransomware Attack?

One major part of the Johnson Controls ransomware attack was the theft of over 27 TB of data. This data included unique designs, technologies and trade secrets for industrial control systems and building automation. Sensitive client details were also part of it.

More specifically, the stolen data also included building floor plans and other important security details. This was a particular problem for U.S. federal agencies and defense clients.

The theft of physical security information raised many concerns. Government agencies, including the Department of Homeland Security, looked at the potential risks to national security.

Johnson Controls’ Response to the Attack

Johnson Controls International took action to minimize the impact of the attack and get things running again. The company quickly found and isolated the initial attack vector, which put a stop to additional data theft and restricted the attackers' future plans.

Johnson Controls used backups and other available tools to recover systems and applications. Customer platforms, like their Simplex Customer Portal, faced some delays; however, most operations resumed quickly.

Today, the company is optimistic about recovering a substantial portion of its direct costs through cyber insurance coverage. While this financial help is useful, unfortunately, it doesn’t erase the long-term reputational and operational damage that has been incurred.

Lastly, the Cybersecurity and Infrastructure Security Agency (CISA) is now working with Johnson Controls to assess the risk to government contracts and national security.

Improving Cybersecurity Posture for Businesses

The ransomware attack on Johnson Controls is a warning for companies—businesses in manufacturing and infrastructure must improve their cybersecurity posture.

A good strategy involves using a zero trust framework. This type of approach allows access only to verified identities. Devices must follow your compliance rules and users operate with the least privilege necessary.

Organizations should also focus on creating and improving incident response plans. This approach helps teams contain breaches and it reduces downtime. It also lowers financial losses and speeds up recovery efforts.

In general, while insurance cannot prevent cyberattacks, it can help cushion the financial impact of large-scale incidents like the Johnson Controls breach.

The Real Threat of Ransomware Attacks

No company is safe from cyberthreats – even large ones – as evidenced by the Johnson Controls ransomware attack. It led to the loss of 27 TB of sensitive data and disruption of their operations.

Finding and responding quickly to vulnerabilities helps prevent future incidents. An incident response plan is also important. Finally, working with government agencies cuts down on attacks even more.

Get Better Cybersecurity Defense with BlackFog ADX

BlackFog ADX (anti data exfiltration) protects against ransomware and other cyberattacks. This next-generation tool stops attacks right at their source. Most tools detect threats only after they are inside your network.

ADX prevents unauthorized data flow in real time. It blocks any data sent to unsafe locations. Even if attackers gain access to your systems, they cannot steal or encrypt your important information.

Don’t wait for a breach to disrupt your operations. Get top tier ADX technology to protect your business. BlackFog ADX is designed to keep your data safe. It ensures your operations are safe, and you can sleep well. Learn more today.
