Johnson Controls International (JCI) reported in a regulatory filing this week that a cyber attack has caused disruptions to the company’s internal IT infrastructure and applications and an investigation is ongoing.
JCI said in its filing with the U.S. Securities and Exchange Commission that after detecting the issue it began probing the incident with help from external cybersecurity experts, adding the company is “also coordinating with its insurers.”
Multiple media outlets, including Bleeping Computer and Bloomberg, have reported that the Dark Angels ransomware group has claimed responsibility for the attack and threatened to publish 25 terabytes of the organization’s data if a $51 million ransom isn’t paid.
“The company continues to assess what information was impacted and is executing its incident management and protection plan, including implementing remediation measures to mitigate the impact of the incident, and will continue taking additional steps as appropriate.”
The filing said many of the company’s applications are “largely unaffected” and remain operational, but workarounds have been implemented for certain operations to “mitigate disruptions and continue servicing its customers.
“However, the incident has caused, and is expected to continue to cause, disruption to parts of the company’s business operations. The company is assessing whether the incident will impact its ability to timely release its fourth quarter and full fiscal year results, as well as the impact to its financial results.”
A spokesperson for JCI would not provide additional comment on the company's response or operations Friday, pointing to its SEC filing earlier this week.