Multinational energy management company Schneider Electric said on Tuesday it was the victim of a cyberattack, with attackers behind a new ransomware variant claiming responsibility.

“Schneider Electric is investigating a cybersecurity incident involving unauthorized access to one of our internal project execution tracking platforms, which is hosted in an isolated environment,” a spokesperson said in an emailed statement. “Our Global Incident Response team was immediately mobilized to respond to the incident. Schneider Electric products and services remain unaffected.”

The company was a listed victim on the Hellcat ransomware variant leak site, with attackers demanding a ransom of $150,000 in “baguettes,” an obtuse reference to the company’s headquarters in France. In reality, the attackers are looking for payment in Monero, a privacy-oriented cryptocurrency.

HellCat claims to have more than 40 gigabytes of data from the company’s JIRA platform, “including projects, issues and plugins, along with more than 400,000 rows of user data.” Jira is a general-purpose application used for project management that may contain sensitive or proprietary information about employees or large projects.

Attackers did not further describe what type of information was stolen.

“To secure the deletion of this data and prevent its public release, we are demanding a payment of $125,000 USD in baguettes. Failure to comply with this requirement will result in the distribution of the compromised information,” the note said, adding that “mentioning the breach” will reduce the ransom by half. “It’s your choice Olivier…”

The message apparently refers to Schneider Electric’s new CEO, Olivier Blum, who took over as CEO this week after Peter Herweck was removed from the position.

HellCat has previously published documents that they claim come from the Jordanian Ministry of Education and Tanzania’s College of Business Education.

The incident marks the third time in the past 18 months that Schneider Electric has been attacked by ransomware groups. In January, the company’s sustainability division was hit by the Cactus ransomware. In June 2023, the company announced that it had been targeted by Cl0p via the exploit used in the MoveIT breach.