December 11, 2023

Johnson Controls is battling the notorious Dark Angels hackers who have locked up the company’s data and are demanding an astonishing $51 million for its release

In a filing with the SEC, Johnson Controls International revealed that the business is dealing with the fallout from a cyber event that affected parts of its internal IT infrastructure and applications.

The stakes of cyber showdown have left Johnson Controls reeling, disrupting its daily operations. It makes more worse that the sensitive Department of Homeland Security (DHS) information may be on the line, raising national security concerns. Johnson Controls has almost one hundred thousand employees amongst its several divisions and affiliates.


Johnson Controls, fell victim to a ransomware attack directed by a group known as Dark Angels. During the attack, the hackers infiltrated Johnson Controls’ IT systems, encrypted their data, and demanded a hefty ransom of $51 million for the decryption key and the promise to delete the stolen data.

The specific details of the data stolen during the Johnson Controls ransomware attack have not been publicly disclosed in great detail. However, it has been reported that the hackers claimed to have accessed approximately 27 terabytes of data.

The reports suggested that the stolen data could potentially encompass security information tied to third-party contracts and floor plans of certain agency facilities and some details may remain confidential due to the ongoing investigation and the sensitive nature of the information involved.

Dark Angels burst onto the scene in May 2022. Their modus operandi involves breaching corporate networks, stealing data, and deploying ransomware. They’ve gained notoriety for their use of double-extortion tactics, threatening to leak stolen data if ransoms aren’t paid.


Dark Angels initially employed Windows and VMware ESXi encryptors, the Linux encryptor used in the Johnson Controls attack has been traced back to the Ragnar Locker ransomware, which has been active since 2021.

In April 2023, Dark Angels unveiled ‘Dunghill Leaks,’ a data leak site designed to exert further pressure on their victims by exposing sensitive information if ransoms remain unpaid.

The audacity of Dark Angels’ digital siege reminds us that even industry titans can be brought to their knees by the relentless evolution of cyber threats.

The staggering ransom demand looms like a shadow over Johnson Controls, as the company grapples not only with the immediate consequences of the attack but also the potential long-term repercussions.


This attack serves as a stark reminder that no entity is immune to the evolving tactics of cyber adversaries. It underscores the critical importance of robust cybersecurity measures and rapid response strategies in our interconnected world.

The battle against these threats is an ongoing and ever-adaptive struggle, where vigilance, preparedness, and resilience are the keys to emerging unscathed from the shadows cast by those who seek to exploit our digital vulnerabilities

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.