ABB, Leading Tech Provider, Hit by Black Basta Ransomware Attack


Swiss multinational corporation ABB, a prominent technology provider specialising in electrification and automation, faced operational disruptions due to an attack by the Black Basta ransomware gang.

With headquarters in Zurich, ABB employs around 105,000 individuals and anticipates sales of $29.4 billion in 2022. Its services encompass industrial control system (ICS) and supervisory control and data acquisition (SCADA) system development, catering to clients such as Volvo, Hitachi, and municipalities like Nashville and Zaragoza.

ABB, a company with over 40 engineering, manufacturing, research, and service facilities in the United States, has a strong presence serving various federal agencies such as the Department of Defense, U.S. Army Corps of Engineers, and departments including Interior, Transportation, Energy, United States Coast Guard, and the U.S. Postal Service. However, on May 7th, ABB experienced a cyber attack orchestrated by the Black Basta ransomware gang, a cybercrime group that emerged in April 2022.

The attack affected numerous computers and, in particular, the company's Windows Active Directory, leading to the compromise of sensitive information. In response, ABB promptly halted customers’ VPN access to prevent further spread of the malware.

A confidential source confirmed an attack on ABB, which has reportedly led to project delays and disruptions in factories. When contacted for comment, ABB declined to respond. The cybercrime group Black Basta, known for its Ransomware-as-a-Service (RaaS) operation, had been targeting companies since April 2022. By collaborating with the QBot malware operation, they distributed Cobalt Strike to compromise devices, allowing Black Basta to infiltrate business networks and spread across multiple devices.

The Black Basta ransomware group, which researchers have linked to the financially motivated criminal organization FIN7 (Carbanak), has expanded its operations to include a Linux encryptor specifically designed to target VMware ESXi virtual machines hosted on Linux servers. The threat actors have targeted various organizations, including the American Dental Association, Sobeys, Knauf, and Yellow Pages Canada, among others, since the campaign’s inception.
