ABB, a prominent player in electrification and automation technology, has fallen victim to a crippling Black Basta ransomware attack. The incident, which significantly disrupted ABB's operations, serves as a reminder of the escalating cyber threats businesses face.
Headquartered in Zurich, Switzerland, ABB employs over 105,000 professionals and reported $29.4 billion in revenue last year. Its expertise lies in industrial control systems (ICS) and SCADA systems. It serves esteemed clients such as Volvo, Hitachi, and DS Smith, and collaborates with government entities like the City of Nashville and the City of Zaragoza. ABB's footprint extends to several US federal agencies, including the Department of Defense, the US Army Corps of Engineers, the Departments of Interior, Transportation, and Energy, the United States Coast Guard, and the US Postal Service.
On May 7th, ABB became a target of the notorious Black Basta ransomware gang, known for its double-extortion tactics. This cybercriminal group, active since April 2022, launched an attack that affected ABB's Windows Active Directory and numerous devices on its network.
In response, ABB swiftly severed VPN connections with its customers to halt the ransomware's spread. The attack resulted in operational disruptions, project delays, and impacts on ABB's factories.
ABB has taken immediate action to contain the incident, and most of its systems and factories are now operational. The company remains dedicated to serving customers securely, collaborating with them and partners to minimize the attack's impact.
The Black Basta ransomware gang, in partnership with the QBot malware operation, initiated its Ransomware-as-a-Service (RaaS) operation in April 2022. The gang leveraged Cobalt Strike for initial access to corporate networks and lateral movement. Notably, it developed a Linux encryptor targeting VMware ESXi virtual machines on Linux servers. Researchers have linked Black Basta to the financially motivated cybercrime group FIN7 (Carbanak).
Black Basta has a track record of targeting high-profile organizations such as the American Dental Association, Sobeys, Knauf, and Yellow Pages Canada. In a recent escalation, they targeted Capita, the UK's largest outsourcing company, exposing stolen data.
ABB released an update on May 12th, acknowledging the IT security incident that affected certain locations and systems. They have taken measures to contain the situation, resulting in the restoration of most systems and factories. ABB continues to collaborate with customers and partners to address the incident's impact.
Safeguard your business against cyber threats by seeking expert guidance from Armoryze, a recognized leader in cybersecurity services. We offer tailored solutions including vulnerability assessments, network security audits, incident response planning, and employee training programs.