Hackers demand $125K or Monero in Schneider Electric breach

In a peculiar twist, a ransomware group known as Hellcat has targeted French multinational Schneider Electric, demanding a ransom of $125,000 which is in the form of baguettes.

If unpaid, the hackers threaten to release 40GB of sensitive data, reportedly containing customer and operational information.

The group communicated through a pseudonymous Twitter (X) user named Grep, who indicated that Monero (CRYPTO:XMR), a privacy-focused cryptocurrency, would also be accepted.

While the baguette demand grabs attention, sources such as Cyberscoop report that it serves as a “marketing tactic” to differentiate Hellcat in the crowded ransomware field.

“It’s likely a strategy to make their services stand out,” noted Huseyin Can Yuceel, a researcher from Picus Security.

By leveraging humor with the unusual request for baguettes, Hellcat aims to position itself for potential clients within the cybercrime market.

“We are investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms, which is hosted within an isolated environment,” Schneider Electric confirmed, acknowledging the breach.

The company assured the public that its core products and services remain unaffected.

This latest incident marks Schneider Electric’s third cyber breach in two years, following previous attacks by the Cactus ransomware group and CL0P ransomware as part of the MOVEit attacks.

Hellcat’s latest breach, involving over 400,000 rows of user data, concluded with a message directed at Schneider’s new CEO, Olivier Blum.

While Hellcat did not specify its reasons for targeting the company, the group acknowledged Schneider’s substantial revenues, exceeding $40 billion.

Monero remains a favored currency among cybercriminals due to its emphasis on transaction privacy, though it also has legitimate uses.

At the time of reporting, the Monero price was $163.28.