Johnson Controls Lost $27M and Corporate Data in September Ransomware Attack

The JCI ransomware attack forced the firm to shut down large portions of its IT infrastructure, which affected customer-facing systems.


MILWAUKEE — Alarm and building automation giant Johnson Controls confirmed in its quarterly filing with the Securities and Exchange Commission that the ransomware attack it suffered in September cost the company $27 million in expenses and resulted in the loss of corporate data.

Johnson Controls’ data breach started in its Asia offices, before the attackers extended the breach across the company’s global network, according to a BleepingComputer report. The attack “forced the firm to shut down large portions of its IT infrastructure, which affected customer-facing systems,” the report says.

“The cybersecurity incident consisted of unauthorized access, data exfiltration, and deployment of ransomware by a third party to a portion of the Company’s internal IT infrastructure,” Johnson Controls wrote in its SEC filing Monday, Jan. 30.

“The impact on net income for the three months ended December 31, 2023, of lost and deferred revenues, net of revenues deferred at the end of fiscal 2023 and recognized in the first quarter of fiscal 2024, and expenses during the quarter was approximately $27 million,” the SEC filing says. “These impacts were primarily attributable to expenses associated with the response to, and remediation of, the incident, and are net of insurance recoveries.”

Inside the Johnson Controls Ransomware Attack

The Dark Angels ransomware gang was behind the attack and claimed to have stolen more than 27 terabytes of confidential data from Johnson Controls. The threat actors then demanded a $51 million ransom to delete the data and provide a file decryptor, according to the BleepingComputer report.

Dark Angels is a ransomware gang launched in May 2022 using encryptors based on the leaked source code of the now-defunct Babuk and Ragnar Locker operations, the report says.

A Johnson Controls spokesperson had no additional comment to SSI on the extent or scope of the data breach beyond its most recent SEC filing.

Johnson Controls hired “external cybersecurity experts” to recover from the “cybersecurity incident,” and worked with its insurers on the recovery, according to a previous SEC filing made shortly after the breach.

The company confirmed it was a ransomware incident in its SEC filing yesterday.


About the Author


Craig MacCormack is a veteran journalist who joined Security Sales & Integration in June 2023 as web editor. He covered AV, IT and security with SSI's sister publication, Commercial Integrator, from January 2011 to June 2021.
