ABB Confirms Ransomware Attack and Data Breach, Initiates Investigation

Swiss tech multinational and U.S. government contractor, ABB, has recently confirmed that it experienced a ransomware attack that compromised some of its systems.

The company disclosed that unauthorized individuals gained access to certain ABB systems, deployed a non-self-propagating form of ransomware, and successfully exfiltrated specific data.

As part of its response, ABB has initiated a comprehensive forensic investigation and is working closely with advisors and law enforcement to mitigate the impact of the attack.

ABB Ransomware Attack, Breach and Notification Process

During the cyberattack, the attackers managed to steal data from compromised devices. ABB has assured the public that affected individuals will be promptly notified if their information was impacted during the incident.

The company has taken immediate steps to communicate with affected parties, including customers, suppliers, and individuals whose personally identifiable information was compromised.

No Direct Impact on Customer Systems Reported

ABB has found no evidence to suggest that any customer system has been directly affected by the ransomware attack. Customers have not reported any incidents resulting from the breach.

ABB remains committed to keeping its clients informed and providing support throughout this process.

ABB Ransomware Attack – Containment and Restoration Efforts

The recent breach has been contained, allowing essential services and systems to resume normal operations. ABB is actively restoring any remaining affected services and systems.

To enhance network security and protect against future attacks, the company has implemented additional security measures.

Black Basta Ransomware Attack

ABB fell victim to the Black Basta ransomware attack on May 7th. The incident caused significant disruption to operations, resulting in project delays and impacting its factories.

Although ABB did not explicitly disclose the attackers’ identity, it was independently confirmed that the cyberattack was carried out by the Black Basta ransomware gang, according to an anonymous source familiar with the incident.

Windows Systems Targeted, VPN Connections Terminated

The ransomware attack specifically targeted ABB’s Windows Active Directory, affecting numerous Windows systems.

In response, ABB took immediate action by terminating VPN connections with its customers to prevent threat actors from accessing other networks. The company is committed to safeguarding its systems and ensuring the security of its operations.

About Black Basta Ransomware

Black Basta is a Ransomware-as-a-Service (RaaS) operation that emerged in April 2022. The gang quickly gained notoriety for conducting double-extortion attacks against various corporate victims.

Recent reports have linked Black Basta to the financially motivated cybercrime gang FIN7, also known as Carbanak. Notable victims of Black Basta include the American Dental Association, Sobeys, Knauf, Yellow Pages Canada, UK outsourcing company Capita, and most recently, German defense contractor Rheinmetall.

ABB’s swift response to the ransomware attack has allowed it to contain the breach, restore affected systems, and implement additional security measures.

The company’s ongoing investigation, in collaboration with advisors and law enforcement, aims to minimize the impact of the incident. ABB remains committed to transparently communicating with affected parties and providing support as necessary, ensuring the resilience and security of its operations.