Johnson Controls International, which fell victim to a ransomware attack in September last year, announced that the attack cost a total of $27 million.
The attack, coming from the Dark Angels ransomware gang, was able to steal 27 terabytes of data and the perpetrators asked for $51 million to delete the data and provide an encryption key.
Bleeping Computer, which first reported the attack at the time, now notes in documents from the American stock exchange watchdog SEC that the company estimates the costs of that attack at 27 million dollars.
This includes impact on net profit in the last quarter of 2023, other lost revenue through the end of its 2023 fiscal year and early 2024, plus costs incurred to stop or respond to the attack.
More costs in the future
But that price tag is not the end point. Johnson Controls says costs will increase in the coming months as it works with experts to determine what data was stolen. The hackers’ activities have now been completely banned from the systems and the impact on its products and services has now been eliminated.