Swiss multinational ABB, a leading provider of electrification and automation technology, suffered a Black Basta ransomware attack, which reportedly impacted business operations.
Headquartered in Zurich, Switzerland, ABB employs approximately 105,000 people and had 2022 sales of $29.4 billion. As part of its services, the company develops industrial control systems (ICS) and SCADA systems for manufacturing and energy suppliers.
The company works with a wide range of customers and local governments, including Volvo, Hitachi, DS Smith, the City of Nashville and the City of Zaragoza.
On May 7, the company fell victim to a ransomware attack carried out by Black Basta, a cybercrime group that surfaced in April 2022.
BleepingComputer learned from several employees that the ransomware attack hit the company’s Windows Active Directory, affecting hundreds of devices.
In response to the attack, ABB terminated VPN connections with its customers to prevent the ransomware from spreading to other networks.
BleepingComputer has independently confirmed the attack from a source familiar with the situation who asked to remain anonymous.
The attack is said to have disrupted company operations, delaying projects and impacting factories.
BleepingComputer contacted ABB about the attack, but the company declined to comment.
Who is Black Basta?
The Black Basta ransomware gang launched its Ransomware-as-a-Service (RaaS) operation in April 2022 and soon began racking up corporate victims in double-extortion attacks.
In June 2022, Black Basta partnered with the QBot malware operation (QakBot), which dropped Cobalt Strike on infected devices. Black Basta would then use Cobalt Strike to gain initial access to the corporate network and spread laterally to other devices.
Like other ransomware operations targeting businesses, Black Basta created a Linux encryptor to target VMware ESXi virtual machines running on Linux servers.
Researchers have also linked the ransomware gang to the hacking group FIN7, a financially motivated cybercrime gang also known as Carbanak.
Recently, the ransomware operation attacked Capita, the UK’s largest outsourcing company, and began leaking stolen data.