Description: The Dark Angel ransomware group launched a cyber attack on Johnson Controls, a US building technologies manufacturer, encrypting computers and VMware ESXi servers and stealing over 27 TB of corporate data. The attack occurred over the weekend of 23-24 September 2023.
Context: The group initially breached Johnson Controls at its Asian offices. According to a ransom note, the Dark Angel ransomware group demanded $51 million to delete the stolen data and decrypt the encrypted systems. Johnson Controls has indirectly acknowledged the data theft in an 8-K form filed with the US Securities and Exchange Commission (SEC), stating that it has yet to determine which data was affected.
Importance: This attack is significant because it not only affects a major US manufacturer but also represents a threat to critical infrastructure. The amount of data stolen and the demand for a substantial ransom highlight the serious nature of this cyber attack.
Key Points: 1. The Dark Angel ransomware group encrypted computers and servers of Johnson Controls and stole corporate data.
Urgency: High. The attack has already occurred, and the ransom demand, coupled with the significant amount of data stolen, presents an immediate threat to Johnson Controls and potentially to other entities within the US critical infrastructure.
Recommended Actions: Immediate actions include a thorough investigation of the breach, assessment of the extent of the data theft, and strengthening cybersecurity measures to prevent further attacks. It is also recommended to liaise with law enforcement agencies and cybersecurity experts to handle the ransom demand.
Distribution: This report should be distributed to Johnson Controls’ management team, IT and cybersecurity departments, as well as relevant law enforcement agencies and the US Securities and Exchange Commission.
