Swiss multinational technology company and US government contractor ABB has confirmed that some of its systems have been hit by a ransomware attack, previously described by the company as “a computer security incident”.

He also disclosed that the attackers stole data from compromised devices and that he would notify those affected if their information was affected by the incident.

“ABB has determined that an unauthorized third party accessed certain ABB systems, deployed a type of ransomware that does not spread on its own, and exfiltrated certain data,” the company said. said in a press release.

“ABB will communicate with relevant parties as necessary, including, for example, customers, suppliers and/or specific individuals where personally identifiable information has been affected.”

“To date, forensic investigation has identified no evidence that a customer system was directly impacted, and no customer has reported this to have occurred,” ABB said in a statement. notifications sent to affected customers.

He also added that the recent breach has now been contained, with previously disrupted essential services and systems operating as intended. All remaining affected services and systems are being restored and additional security measures have been implemented to protect the network from future attacks.

The investigation is still in its early stages and ABB is also working with advisors and law enforcement to minimize the impact of the ransomware attack.

ABB reported sales of $29.4 billion for 2022 and has around 105,000 employees who develop industrial control systems (ICS) and SCADA systems for manufacturing and energy suppliers.

The company provides services to a wide range of high profile clients and local governments around the world. This too walk with the United States Department of Defense and federal civilian agencies such as the Departments of Interior, Transportation, and Energy, as well as the United States Coast Guard and the United States Postal Service.

Black Basta ransomware attack

ABB was affected by cyberattack on May 7, resulting in operational disruptions, project delays and a significant impact on its factories.

Although ABB did not reveal the names of the attackers, BleepingComputer independently confirmed that the attack was carried out by the Black Basta ransomware gang with the help of an anonymous source familiar with the incident.

Several employees also told BleepingComputer that the ransomware attack targeted the company’s Windows Active Directory, affecting hundreds of Windows systems.

In response, ABB immediately terminated VPN connections with its customers to block hackers’ access to other networks.

“ABB recently detected a computer security incident that directly affected certain sites and systems,” the company told BleepingComputer in a statement after the attack.

Black Basta is a Ransomware-as-a-Service (RaaS) operation that surfaced in April 2022 and immediately began targeting numerous corporate victims in double extortion attacks.

The ransomware gang has also been recently linked to hacking group FIN7a notorious financially motivated cybercrime gang also tracked as Carbanak.

Since its launch, Black Basta has been responsible for attacks targeting the American Dental Association, Sobeys, Knauf, Yellow Pages CanadaUK outsourcing company Headand, more recently, the German defense contractor Rheinmetall.