Swiss multinational company ABB, a leading electrification and automation technology provider, is the latest victim of a Black Basta ransomware attack, which has impacted its business operations. A statement from the company confirmed the attack and its efforts to contain the incident. ABB has a proven track record of serving a variety of federal agencies, including the U.S. Army Corps of Engineers and Departments of Interior, Transportation, Energy, and the U.S. Postal Service. However, the attack reportedly disrupted the company’s operations, causing delays in projects and impacting factories.
ABB Terminates VPN Connections to Prevent the Spread of Black Basta Ransomware
Headquartered in Zurich, Switzerland, ABB employs approximately 105,000 employees and has a revenue of $29.4 billion as of 2022. The company offers a range of services, including the development of industrial control systems (ICS) and SCADA systems for manufacturing and energy suppliers. The company works with many customers and local governments, including Volvo, Hitachi, DS Smith, the City of Nashville, and the City of Zaragoza.
The attack on ABB occurred on May 7, 2022, and was carried out by the Black Basta cybercrime group, which surfaced in April 2022. The ransomware attack affected the company’s Windows Active Directory, impacting hundreds of devices. In response, ABB terminated VPN connections with its customers to prevent the spread of the ransomware to other networks.
BleepingComputer, a cybersecurity news website, independently confirmed the attack from a source familiar with the situation, who asked to remain anonymous. The attack disrupted ABB’s operations, affecting projects and factories. BleepingComputer also contacted ABB about the attack, but the company declined to comment on the situation.
Black Basta Ransomware – A Brief Overview
The Black Basta ransomware group launched its Ransomware-as-a-Service (RaaS) operation in April 2022. It quickly began amassing corporate victims in double-extortion attacks. By June 2022, the group partnered with the QBot malware operation (QakBot), which dropped Cobalt Strike on infected devices. Black Basta then used Cobalt Strike to gain initial access to the corporate network and spread laterally to other devices.
Like other enterprise-targeting ransomware operations, Black Basta created a Linux encryptor to target VMware ESXi virtual machines running on Linux servers. Researchers have also linked the ransomware group to the FIN7 hacking group, a financially motivated cybercrime gang also known as Carbanak. Since its launch, the threat actors have been responsible for a stream of attacks, including those on the American Dental Association, Sobeys, Knauf, and Yellow Pages Canada. Recently, the ransomware group attacked Capita, the UK’s largest outsourcing company, and began to leak stolen data.
The ABB ransomware attack highlights the growing threat that ransomware groups pose to companies of all sizes. The need for robust cybersecurity measures is at its peak. Companies must ensure that their systems and networks are secure against potential cyber threats, and they must have robust incident response plans in place to mitigate the damage in the event of an attack. With the rise of Ransomware-as-a-Service and the evolving tactics of ransomware groups, companies must remain vigilant.