The hacker group, called Hellcat, posted to its dark web ransomware leak site that it had stolen "more than 40 GB of compressed data" from the project management software of Schneider Electric, a multinational corporation based in France.
"To secure the deletion of this data and prevent its public release, we require a payment of $125,000 USD in Baguettes," the statement read. "Stating this breach will decrease the ransom by 50%, its [sic] your choice Olivier…"
On Monday, a man named Oliver Blum was appointed as Schneider's new CEO. The company confirmed to the tech website BleepingComputer that it was "investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms which is hosted within an isolated environment," adding, "Our Global Incident Response team has been immediately mobilized to respond to the incident. Schneider Electric's products and services remain unaffected."
The outlet also reported that a "threat actor" only known as "Grep" taunted Schneider on X, stating "Hey @SchneiderElec how was your week? Did someone accidentally steal your data and you noticed, shut down the services and restarted without finding them? Now you shut down again but the criminals seem to have taken more juicy data >_<"
Grep also spoke to BleepingComputer, claiming he was a part of the recent formation of Hellcats and that they were "extorting Schneider Electric, demanding $125,000 not to leak stolen data, and half of that if an official statement is released."
The user also stated the information the hackers had obtained from the company's JIRA project management includes "75,000 unique email addresses and full names for Schneider Electric employees and customers."
The post from Hellcats to the dark web read: "This breach has compromised critical data, including projects, issues, and plugins, along with over 400,000 rows of user data, totally more than 40GB Compressed Data."
The "Baguettes" the hackers ask for are thought to be a joke, and that their real desire is $125,000 worth of cryptocurrency known as Moreno, which is reportedly known for its privacy and anonymity.
Speaking to Forbes, security researcher Hüseyin Can Yuceel said the "Baguettes" reference is Hellcats' way of “trying to get attention and establish trust for future victims and associates for a possible Ransomware-as-a-Service operation.”
Grep told BleepingComputer that Hellcats have not extorted companies they've breached until now. This marks the third security breach for Schneider in under two years.