Another example of why security should be baked in

Schneider Electric's embarrassing breach will cost it a lot of bread to fix

7 November 2024

I know things are starting to get very serious right now, what with the US elections just over, our own due in a few weeks and Germany tottering on the brink of an election as well, but I just want to leaven the mood a little bit with a story I saw on The Register.

I can’t guarantee the story will raise your spirits because, after all, it does involve illegality although, as more than 72 million US voters will testify, that probably doesn’t matter.

The story involves a data breach at Schneider Electric by a ransomware group called Hellcat which claims to have compromised “critical data, including projects, issues, and plugins, along with over 400,000 rows of user data, totaling more than 40GB Compressed Data”.

 


The group has demanded the company pay a ransom of $125,000 to prevent the data being leaked. For a company like Schneider Electric, that might not seem like a lot of dough but it is, in fact, quite a lot because Hellcat has demanded the ransom be paid in baguettes.

As far as I’m aware this is not a new form of cryptocurrency but it’s definitely a lot of bread. The average price of a baguette in France is about €1 so we’re looking at 116,000 baguettes or thereabouts (subject to minor falls or increases in the exchange rate). With a typical weight of around 250 grams or so, you’re talking about 29,000 kilos of baguettes.

Looking at those figures, you can begin to understand precisely why money was invented. Quite how Schneider Electric is supposed to transport and deliver 29,000 kilos of baguettes to an anonymous ransomware gang is anybody’s guess. Does it leave them in a couple of unmarked bakery trucks? How would Hellcat haul them away? Think how quickly they would have to be eaten before they go stale.

Everyone knows baguettes are better the fresher they are from the oven, so does that mean Hellcat needs to specify a drop-off zone that’s quite close to a bakery? Not only that, but a bakery that’s capable of producing 116,000 baguettes in very short order. Or does it have baguettes supplied from a number of bakeries dotted around the country?

One detail that no one seems to have picked up on is that while the message from Hellcat stated failure to meet its demands “will result in the dissemination of the compromised information”, it added that if the CEO of Schneider Electric admitted the breach it would “decrease the ransom by 50%”.

Given the logistical challenges I’ve outlined above that seems like much kneaded good news. Even if it does require Schneider Electric to publicly acknowledge the leak. Which it pretty much did by stating it was “investigating a cybersecurity incident involving unauthorised access to one of our internal project execution tracking platforms which is hosted within an isolated environment”.

Presumably, that takes it down to 62,500 baguettes now.

The big question is whether Hellcat’s novel form of payment will catch on. After all, notes can be marked and traced. Try marking 125,000 baguettes. Or 29,000 kilos of avocados if that’s what the next lot ask for. Maybe bratwurst, if it’s a German company.

Admittedly, an electronic transfer or payment in crypto is likely to be faster and harder to intercept. But it doesn’t come with that fresh-baked smell.


TechCentral.ie