We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Johnson Controls Cyberattack Cost the Company $27M

Johnson Controls Cyberattack Cost the Company $27M
Author Image Husain Parvez
Husain Parvez Published on 4th February 2024 Cybersecurity Researcher

Johnson Controls International, a leading multinational conglomerate, has reported a staggering $27 million in expenses tied to the remediation of a ransomware attack that occurred in September 2023.

The attack, which was first reported by BleepingComputer, was orchestrated by the Dark Angels ransomware gang, a group known for using encryptors based on the leaked source code of the now-defunct Babuk and Ragnar Locker operations. The gang claimed to have stolen over 27 TB of confidential data from Johnson Controls and demanded a $51 million ransom for the deletion of the data and provision of a file decryptor.

The attack, which originated in the firm's Asia offices, led to a significant shutdown of Johnson Controls' IT infrastructure, impacting customer-facing systems. The company's quarterly report filed with the US Securities and Exchange Commission (SEC) detailed the incident as "unauthorized access, data exfiltration, and deployment of ransomware by a third party to a portion of the Company's internal IT infrastructure."

The report further stated that “the impact on net income for the three months ended December 31, 2023 of lost and deferred revenues, net of revenues deferred at the end of fiscal 2023 and recognized in the first quarter of fiscal 2024, and expenses during the quarter was approximately $27 million”.

Johnson Controls, known for its industrial control systems, security equipment, air conditioners, and fire safety equipment, has assured that there is no evidence of any impact on its digital products, services, and solutions, including OpenBlue and Metasys. All unauthorized activity appears to have been contained.

Dark Reading highlighted the company's efforts in implementing its incident management and response plan and business continuity plans, which included retaining outside cybersecurity specialists.

As the investigation and remediation efforts continue, with an ongoing analysis of data accessed or exfiltrated during the cybersecurity incident, Johnson Controls anticipates additional expenditures in the recovery process.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.