CCI | Computer Support

View Original

Johnson Controls International Faces Major Cyberattack: Disruptions and Implications

In a recent turn of events, Johnson Controls International (JCI), a leading company specializing in digital technologies and services for buildings, has fallen victim to a substantial cyberattack. This attack, detailed in a filing with the US Securities and Exchange Commission (SEC), has had significant consequences, affecting not only JCI but also its subsidiaries. In this article, we explore the key details of the incident, the impact on JCI and its customers, and the broader implications of such attacks.

The Cyberattack and Subsidiary Disruptions

JCI reported that it had suffered a cyberattack that disrupted its internal IT infrastructure. Additionally, two of its subsidiaries, Simplex and York, have faced disruptions, with technical outage messages appearing on customer portals and login pages. This kind of disruption can significantly affect business operations and customer interactions.

Dark Angels: The Ransomware Gang

A significant revelation about this attack is the involvement of a cybercriminal group known as Dark Angels. A tweet by Gameel Ali, a researcher at Nextron Systems, contained a ransom note from Dark Angels embedded within their VMware ESXi encryptor. The note outlined the compromise of JCI's network infrastructure, data leakage, file encryption, and the deletion of backups. It further stated that the best course of action for JCI was to contact the attackers to resolve the matter.

The group claimed to have stolen an alarming 27 terabytes of data and had encrypted JCI's VMware ESXi machines, a clear indicator of their sophisticated attack capabilities.

Potential Wider Impact

The implications of this cyberattack extend beyond JCI itself. Lior Yaari, CEO, and co-founder of Grip Security, expressed concern that if the breach were to expand beyond JCI and affect the systems deployed by their customers, it could have devastating consequences for various industries such as healthcare, airports, hotels, and stadiums. This underscores the interconnectedness of digital technologies and the potential ripple effects of a single cyberattack.

JCI's Response and Ongoing Assessment

In its SEC filing, JCI stated that its applications remained operational and unaffected by the attack. However, the company is actively assessing the financial impact on its fiscal year results. JCI has also taken immediate action by establishing an incident management and protection plan to mitigate the fallout from the attack. Such responses are crucial in minimizing the long-term damage caused by cyberattacks.


The cyberattack on Johnson Controls International is a stark reminder of the persistent and evolving threat landscape in the digital age. It not only disrupts the targeted organization but also has the potential to cascade through interconnected systems, impacting multiple sectors. As organizations increasingly rely on digital technologies, they must be vigilant in their cybersecurity efforts and prepared to respond swiftly to incidents. Johnson Controls' response to this attack serves as a blueprint for how companies can mitigate the fallout and protect their operations and reputation in the face of such challenges. The evolving nature of cyber threats requires constant vigilance and adaptation in the realm of cybersecurity.

Bleeping Computer

Dark Reading