Johnson Controls International (JCI) this week reported in a filing with the US Securities and Exchange Commission (SEC) that it had suffered a cyberattack that caused disruptions to its internal IT infrastructure.

In addition, two of the company’s subsidiaries, Simplex and York, are reportedly displaying messages of a “technical outage” on customer portals and login pages.

Gameel Ali, a researcher at Nextron Systems, shared a tweet including a ransom note from cybergang Dark Angels in its VMware ESXi encryptor, stating: “HELLO dear Management of Johnson Controls International! If you are reading this message, it means that: your network infrastructure has been compromised, critical data was leaked, files are encrypted, backups are deleted.” The note went on to say, “The best and only thing you can do is to contact us to settle the matter before any losses occurs.”

The gang has allegedly stolen over 27TB of data and encrypted the company’s VMware ESXi machines in a ransomware attack.

“Johnson Controls is one of the leaders in digital technologies and services for buildings in key industries such as healthcare, airports, hotels and stadiums,” Lior Yaari, CEO and co-founder of Grip Security, said in an emailed statement. “If the breach expands beyond the company itself to the systems deployed by their customers, this attack could wreak havoc on huge swaths of businesses.”

Johnson Controls said in the SEC filing that its applications remain operation and unaffected but that it continues to review the financial impact on its fiscal year results. The company has also established an incident management and protection plan to mitigate fallout from the attack.