ABB, a global technology company located in Switzerland that works for the United States government, has confirmed that a ransomware attack compromised some of its systems. Previously, the corporation referred to this issue as an IT security incident.
ABB serves local governments and a broad range of well-known clients globally. It also works with the U.S. Department of Defence, federal civil organisations including the Departments of Interior, Transportation, and Energy, as well as the Coast Guard and the Postal Service of the United States.
In 2022, ABB recorded $29.4 billion in sales. The company, which employs over 105,000 people, specialises in creating SCADA and industrial control systems (ICS) for manufacturers and energy suppliers.
The company released a FAQ and a press release detailing the incident, although it chose not to provide some details, such as indicators of compromise (IoCs). This choice was made because of an ongoing investigation by law enforcement.
The business also revealed that the hackers had illegally taken data from vulnerable devices. Additionally, the company guaranteed that anyone whose information was affected by the event would be informed.
According to ABB's statement:
ABB has determined that an unauthorized third-party accessed certain ABB systems, deployed a type of ransomware that is not self-propagating, and exfiltrated certain data. ABB will communicate with affected parties where necessary, including, for example, specific customers, suppliers, and/or individuals where personally identifiable information was affected.
According to reports, only a “limited number” of servers and endpoints had the malware installed. Because the ransomware was spread manually rather than automatically through emails or the local network, it was not able to expand through those methods.
The breach has been controlled, and the essential services and systems it affected are now functioning normally. Moreover, extra security measures have been put in place to protect the network from future attacks, and affected services and systems that are still in use are being restored.
Black Basta Ransomware Attacks ABB and Windows Systems
ABB fell victim to a cyberattack on May 7th, causing disruption to its operations, project delays, and a significant impact on its factories. The incident involves the Black Basta ransomware organisation; however, the attackers are still unknown, a trusted anonymous source said.
Multiple employees confirmed that the ransomware attack targeted the company’s Windows Active Directory, affecting a substantial number of Windows PCs. As a result, ABB quickly stopped VPN connections with its customers to avoid further intrusion.
Beaumont claimed ABB paid a ransom, but the company has not confirmed this. ABB said it is cooperating with authorities and third parties but provided limited details of the attack due to the ongoing investigation.
Black Basta is a ransomware-as-a-service (RaaS) operation that first appeared in April 2022. The gang quickly became well-known for executing double-extortion attacks on various business targets.
Currently, there is a connection between the well-known FIN7 hacker group, also known as Carbanak, and the Black Basta ransomware gang. Black Basta has also attacked businesses including the American Dental Association, Sobeys, Knauf, Yellow Pages Canada, Capita (a UK outsourcing firm), and most recently, German defence contractor Rheinmetall.