Johnson Controls International has confirmed a cybersecurity incident that disrupted its internal IT infrastructure and applications, according to a filing with the Securities and Exchange Commission made on Wednesday. Although the company did not specify the nature of the incident, security experts are attributing it to a ransomware attack.
The company, originally founded in Milwaukee but now headquartered in Cork, Ireland, specializes in manufacturing industrial control systems, security systems, and HVAC equipment. Johnson Controls is actively working to minimize the impact of the cyberattack while assessing the extent of the affected information.
Despite the disruption, many of the company’s applications are still operational, and workarounds have been implemented wherever possible, as stated by the company. In the SEC filing, Johnson Controls acknowledged the ongoing disruption to parts of its business operations due to the incident.
According to reports from Bleeping Computer, a threat actor encrypted numerous company devices, including VMware ESXi servers. Cybersecurity experts, such as Allan Liska from Recorded Future, view the attack as severe, given its ability to disrupt various systems within Johnson Controls’ network.
However, the impact seems to be contained within Johnson Controls and has not spread to its customers’ environments, indicating that the ransomware hasn’t propagated widely. Despite this, the exact nature of the data stolen by the ransomware group remains unknown, raising concerns among experts.
With nearly 100,000 employees across subsidiaries like ADT, Tyco, York, SimplexGrinnell, and Ruskin, Johnson Controls plays a critical role in various sectors, from transportation to energy and defense. Tom Kellermann, SVP of cyber strategy at Contrast Security, emphasized the significance of this attack, anticipating prolonged effects and expressing worries about potential follow-up attacks using Johnson Controls’ infrastructure.
Cybersecurity Dive sought comments from Johnson Controls, but the company referred back to the SEC filing, stating that investigations and remediation efforts are ongoing. The company is evaluating whether the incident will impact its ability to release its fourth-quarter and full fiscal year results, as well as its financial performance.