Baguette instead of Bitcoin: hacker group demands bread as ransom

Hacking seems to make you hungry. On Monday evening, French electrical engineering group Schneider Electric was hacked. The perpetrators - a hacker group called Hellcat - claim to have gained access to the company's Jira system. Hellcat stole a total of 40 gigabytes of data from there.

Deliver us baguettes and we'll delete the data

According to Hellcat, the data includes information on projects, current support cases, but also 400,000 data records with personal data of employees and customers. On Platform X, a user called greppy posted a screenshot showing a small extract of the data set - as proof of the offence.

Curious: As is often the case in such cases, Hellcat is demanding a ransom in return for not publishing the data. But they don't want money, they want baguettes. In their letter to Schneider Electric, they demand a delivery of the pastries worth 125,000 US dollars. At an estimated baguette price of 95 euro cents and the current daily dollar exchange rate, this would be 118,750 baguettes.

The good news for Schneider Electric: Hellcat is prepared to halve the claim if the company publicly admits to the hack. This has been done, so the claim now only amounts to 59,375 baguettes.

Schneider Electric confirmed the incidents to the Portal Bleeping Computer and states that the Incident Response Team is already looking into the matter. However, the company's products and services are not affected.

Third hack in a year

Schneider Electric has fallen victim to a hacker attack for the third time in a year and a half. In June 2023, the hacker group Clop gained access to the system via the Moveit vulnerability. In January of this year, several terabytes of data are said to have been stolen again by the Cactus group.

The only question now is how Schneider Electric is to fulfil the Baguette claim. Although there is no confirmed information, it can be assumed that Hellcat did not provide a recipient address for the delivery of the French bread.