A French multinational corporation was targeted by a ransomware group that couldn’t resist playing on national stereotypes, demanding to be paid in baguettes.

The gang said they wanted $125,000 worth of French bread, or they would leak 40GB of private data stolen from Schneider Electric. A media report claims that the firm is indeed asking for cryptocurrencies.

The ransomware group, calling itself Hellcat, is represented by a pseudonymous Twitter user (alias X) named Grep, who communicated the requests. Gerp claims the group infiltrated Schneider Electric to target “sensitive customer and operational information,” which it will expose if the ransom is not paid.

The situation is still ongoing. Schneider Electric did not immediately return a request for comment.

While wand-based requests are the ones shown publicly, Cyberscoop rEPORTS the group is willing to accept Monero crypto instead of bread. Monero is a privacy-centric coin designed to make it very difficult to track transactions on the chain. It’s a popular choice for cybercriminals, although it has legitimate uses as well.

Asking for wands is a marketing tactic designed to help this newcomer stand out in the ransomware market, Picus Security researcher Huseyin Can Yuceel told Cyberscoop, potentially positioning it to sell its services more effectively going forward.

Schneider Electric confirmed that it is “investigating a cyber security incident involving unauthorized access to one of our internal project execution tracking platforms, which is hosted in an isolated environment.” However, the firm said its “products and services remain unaffected”.

This is Schneider Electric’s third breach in less than two years. The Cactus ransomware infected the company’s Sustainability Business division in February. In June 2023, the firm was hit by the CL0P ransomware team as part of the MOVEit attacks, which affected thousands of organizations and millions of individuals.

In this recent case, more than 400,000 rows of user data are in the ransomware group’s possession, it claims. He ended the message by addressing “Olivier”, presumably the new CEO, Olivier Blum.

The group noted that Schneider has more than $40 billion in annual revenue, but otherwise made no direct reference as to why it specifically targeted that business. According to own company figuresits revenue stood at €36 billion ($38 billion) by the end of last year.

Edited by Sebastian Sinclair