ABB, a Swiss tech multinational and U.S. government contractor, has confirmed that it was subjected to a ransomware attack that impacted some of its systems. The company revealed that an unauthorized third-party gained access to certain ABB systems, deployed non-self-propagating ransomware, and exfiltrated data.
ABB stated that it would communicate with affected parties, including customers, suppliers, and individuals whose personally identifiable information was affected, and that no evidence of direct customer system impact has been found so far.
The recent breach has been contained, and disrupted essential services and systems are now operating as expected. ABB is currently restoring the remaining affected services and systems while implementing additional security measures to fortify its network against future attacks.
The company, which reported revenue of $29.4 billion in 2022, develops industrial control systems and SCADA systems for manufacturing and energy suppliers, serving high-profile customers and working with government agencies such as the U.S. Department of Defense.
Although ABB did not disclose the attackers’ identity, it was independently confirmed that the cyberattack was conducted by the Black Basta ransomware gang. The attack targeted ABB’s Windows Active Directory, impacting numerous Windows systems and causing disruption to operations, project delays, and significant consequences for the company’s factories.
In response, ABB promptly terminated VPN connections with its customers to prevent the threat actors from accessing other networks.
Black Basta, a Ransomware-as-a-Service (RaaS) operation, emerged in April 2022 and has been involved in double-extortion attacks against numerous corporate victims.
The ransomware gang has been linked to the financially motivated cybercrime group FIN7, also known as Carbanak. Notable targets of Black Basta include the American Dental Association, Sobeys, Knauf, Yellow Pages Canada, UK outsourcing company Capita, and recently, German defense contractor Rheinmetall. ABB is actively working on the investigation alongside advisors and law enforcement to mitigate the impact of the ransomware attack.
