ABB, a leading Swiss supplier of automation and electrification technologies, has been hit by a Black Basta ransomware attack that has affected corporate operations. ABB, headquartered in Zurich, Switzerland, generated $29.4 billion in revenue in 2022 and employs over 105,000 people. The business creates SCADA and industrial control systems (ICS) for manufacturers and energy suppliers as part of its services. In addition, the company works with a broad spectrum of clients and local authorities, including Volvo, Hitachi, DS Smith, and the Cities of Nashville and Zaragoza.
“ABB operates more than 40 U.S.-based engineering, manufacturing, research and service facilities with a proven track record serving a diversity of federal agencies including the Department of Defense, such as U.S. Army Corps of Engineers, and Federal Civilian agencies such as the Departments of Interior, Transportation, Energy, United States Coast Guard, as well as the U.S. Postal Service,” reads the ABB web site.
The business was the target of a ransomware attack on May 7th, carried out by Black Basta, a cybercriminal organization that first appeared in April 2022. Several employees have confirmed that the organization's Windows Active Directory was impacted by the ransomware attack, which affected hundreds of devices. Additionally, ABB cut off VPN connections with its clients in response to the attack to stop the ransomware from spreading to other networks.
An informed source who requested anonymity and was familiar with the circumstances confirmed the incident to the media. The attack is reported to be interfering with business operations, delaying projects, and affecting manufacturing. ABB was contacted about the attack but chose not to respond.
The Black Basta ransomware gang began amassing corporate victims in double-extortion attacks when its Ransomware-as-a-Service (RaaS) operation got off the ground in April 2022. By June 2022, Black Basta and the QBot malware operation (QakBot) had formed a partnership under which Cobalt Strike was delivered to compromised devices. Black Basta would then use Cobalt Strike to gain initial access to the company network before spreading laterally to additional devices.
Like previous enterprise-targeting ransomware operations, Black Basta developed a Linux encryptor to target VMware ESXi virtual machines running on Linux servers. Researchers have also linked the ransomware gang to the FIN7 hacking organization, a financially motivated cybercrime gang also known as Carbanak.
The threat actors have carried out a slew of attacks since their launch, including ones on the American Dental Association, Sobeys, Knauf, and Yellow Pages Canada. Capita, the largest outsourcing firm in the UK, was recently hit by ransomware, and the attackers also started leaking stolen data.