ABB, a leading provider of electrification and automation technology, has been hit by a Black Basta ransomware attack, which has reportedly affected business operations.
As part of its services, ABB develops industrial control systems (ICS) and SCADA systems for manufacturers and energy suppliers. The company has approximately 105,000 employees and is expected to generate $29.4 billion in revenue in 2022. Volvo, Hitachi, DS Smith, the City of Nashville, and the City of Zaragoza are among the company’s customers.
According to the company’s website, “ABB operates more than 40 U.S. based engineering, manufacturing, research, and service facilities with a proven track record serving a diversity of federal agencies.” These agencies include the U.S. Army Corps of Engineers and the U.S. Departments of Defense, Transportation, Energy, the Coast Guard, and the Postal Service.
On May 7th, ABB fell victim to a ransomware attack carried out by Black Basta, a ransomware gang that has been active since April 2022.
The breach affected the company's Windows Active Directory and hundreds of its devices. Anonymous sources confirmed to Bleeping Computer that the attack has caused significant disruption to ABB’s operations and projects, and impacted its factories.
After initially declining to comment on the news, ABB sent the following statement to Bleeping Computer after the article was published:
“ABB recently detected an IT security incident that directly affected certain locations and systems. To address the situation, ABB has taken, and continues to take, measures to contain the incident. Such containment measures have resulted in some disruptions to its operations which the company is addressing.
“The vast majority of its systems and factories are now up and running and ABB continues to serve its customers in a secure manner. ABB continues to work diligently with its customers and partners to resolve this situation and minimize its impact.”
Black Basta Ransomware
The Black Basta ransomware gang emerged in April 2022 with its Ransomware-as-a-Service (RaaS) operation.
It quickly began conducting double extortion attacks on multiple corporate victims.
By June 2022, Black Basta had partnered with the QBot (QakBot) malware operation, which dropped Cobalt Strike on infected devices. The group then used Cobalt Strike to gain access and spread through corporate networks.
The group also developed a Linux encryptor targeting VMware ESXi virtual machines running on Linux servers, similar to other ransomware threats targeting businesses. Security researchers have noted its links to the financially motivated cybercrime organization FIN7 (Carbanak).
Since its appearance, Black Basta has infiltrated entities such as the American Dental Association, Sobeys, Knauf and Yellow Pages Canada. Most recently, the group attacked Capita, the UK’s largest outsourcing company, and started leaking stolen information.
How to Prevent Ransomware?
To safeguard your organization against Black Basta ransomware, take the following precautions:
- Monitor your network and keep an eye out for large data exfiltration attempts.
- Implement DNS filtering to prevent communication with and data exfiltration to C&C servers.
- Never skip a patch. For companies with hundreds of endpoints to secure, automated patch management is the best option.
- Deploy an anti-ransomware solution to protect your devices against malicious encryption attempts.