ABB, a renowned producer of electrification and automation technologies in Switzerland, has been hit by a Black Basta ransomware attack, which has allegedly disrupted corporate operations.
ABB, headquartered in Zurich, Switzerland, employs around 105,000 people and expects to generate $29.4 billion in revenue in 2022. The firm produces industrial control systems (ICS) and SCADA systems for manufacturers and energy suppliers as part of its services.
The company works with a wide range of customers and local governments, including Volvo, Hitachi, DS Smith, the City of Nashville, and the City of Zaragoza.
"ABB operates more than 40 U.S.-based engineering, manufacturing, research and service facilities with a proven track record serving a diversity of federal agencies including the Department of Defense, such as U.S. Army Corps of Engineers, and Federal Civilian agencies such as the Departments of Interior, Transportation, Energy, United States Coast Guard, as well as the U.S. Postal Service," reads the ABB web site.
On May 7th, the firm was the target of a ransomware attack carried out by Black Basta, a cybercrime group that first appeared in April 2022.
According to many employees, the ransomware attack has impacted the company's Windows Active Directory, affecting hundreds of devices.
In reaction to the attack, ABB disconnected VPN connections with its customers in order to prevent the ransomware from spreading to other networks.
The attack has reportedly disrupted the company's operations, delaying projects and impacting its factories.
Who is Black Basta?
The Black Basta ransomware gang launched its Ransomware-as-a-Service (RaaS) operation in April 2022 and quickly began amassing corporate victims in double-extortion attacks.
By June 2022, Black Basta had formed an alliance with the QBot malware operation (QakBot), which delivered Cobalt Strike to affected devices. Then, Black Basta would utilise Cobalt Strike to acquire initial access to the corporate network before spreading to more devices.
Black Basta, like other enterprise-targeting ransomware organisations, developed a Linux encryptor to attack VMware ESXi virtual machines operating on Linux servers.
Researchers have also linked the ransomware ring to the FIN7 hacker organisation, commonly known as Carbanak, a financially driven criminal gang.
Since its launch, the threat actors have been responsible for a stream of attacks, including those on the American Dental Association, Sobeys, Knauf, and Yellow Pages Canada.
Recently, the ransomware operation attacked Capita, the UK's largest outsourcing company, and began to leak stolen data.