Hackers Demand $125K in French Bread in Crypto Ransomware Attack

A French multinational corporation has been targeted by a ransomware group that couldn’t help but play to national stereotypes, demanding to be paid in baguettes.

The gang said it wants $125,000 worth of the French bread, or it will leak from 40GB worth of stolen private data from Schneider Electric. A media report claims that the firm is really demanding crypto.

The ransomware group, calling itself Hellcat, is represented by a pseudonymous Twitter (aka X) user named Grep, who communicated the demands. Gerp claims the group infiltrated Schneider Electric to target “sensitive customer and operational information,” which it will expose if the ransom is not paid.

The situation is still ongoing. Schneider Electric did not immediately return a request for comment.

While the baguette-based demands are what is publicly shown, Cyberscoop reports the group is willing to accept crypto Monero in lieu of bread. Monero is a privacy-centric coin designed to make it very difficult to track transactions on-chain. It’s a popular pick for cybercriminals, though it has legitimate uses as well.

The baguette demand is a marketing tactic designed to help this newcomer stand out in the ransomware market, Picus Security researcher Huseyin Can Yuceel told Cyberscoop, potentially positioning it to sell its services more effectively down the line.

Schneider Electric confirmed that it “is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms, which is hosted within an isolated environment.” However, the firm said its “products and services remain unaffected.”

This is the third breach of Schneider Electric in less than two years. Cactus ransomware infected the company’s Sustainability Business division in February. In June 2023, the firm was hit by the CL0P ransomware crew as part of the MOVEit attacks, which affected thousands of organizations and millions of individuals.

In this recent instance, over 400,000 rows of user data are in the possession of the ransomware group, it claims. It ended the message by addressing “Olivier,” presumably the new CEO, Olivier Blum.

The group noted that Schneider has annual revenues above $40 billion, but otherwise, it did not make any direct references as to why it targeted that business specifically. According to the company’s own figures, its revenue stood at €36 billion (US$38 billion) by the end of last year.

Edited by Sebastian Sinclair

Source