ABB Struck By Black Basta Ransomware

Uploaded on 2023-05-16 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

The Swedish-Swiss robotics and automation multinational company ABB has been hit by a Black Basta ransomware attack which has affected business operations across the company.  

On Friday 13th May, ABB confirmed that certain locations and services were impacted by an “IT security incident.” The company works with a large range of customers including Hitachi, Volvo and various governments.

On May 7th, the company fell victim to a cyber attack conducted by the Black Basta ransomware gang. This is the same form of attack used against Capita, the large British-bases outsourcing firm

ABB employs around 105K employees and has $29.4 billion in revenue for 2022. And as part of its services, the company develops industrial control systems (ICS) and SCADA systems for manufacturing and energy suppliers. ABB has a global presence, with operations on every continent. One arm of the company’s extensive business activities develops Industrial Control Systems (ICS). ICS is a critical part of the modern manufacturing system and a great for state-sponsored and financially motivated threat actors.

According to sources, hundreds of computers have been compromised as a result of a ransomware attack on the Windows Active Directory used by ABB. 

According to ABB’s website, it offers cyber security consulting as a service and carries out security assessments through “multiple standard and custom assessments”. It also offers cyber security training and conducts awareness and education programs for employees. 

Black Basta was first observed in April 2022 and is understood to be a rebranding of the infamous Conti ransomware group. 

The Dark Web monitoring platform, DarkFeed report that Black Basta has struck 153 organisations since its strain of malware was first discovered. The group standard method is to use double-extortion tactics to intimidate victims into paying a ransom. Cyber criminals that use this model often publish stolen data in a dripfeed, pressurising victims to succumb to internal and external demands to pay the ransom.

Cyber security researchers have linked Black Basta with the FIN7 cyber crime group to the original Black Basta ransomware exploit in 2022. Amongst others, Black Basta has attacked the American Dental Association, Sobeys, Knauf, and Yellow Pages Canada. 

ABB:   Economic Times:   Bleeping Computer:     CyberNews:   Information Security Buzz:   The Record:  

You Might Also Read: 

Detected - A Hard Matching Vulnerability  Which Enables Azure AD Account Takeover:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Philadelphia Inquirer Newspaper Hacked 
Iranian Government Uses Android Malware For Mobile Surveillance »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Securezoo

Securezoo

Securezoo's mission is to simplify and enhance information security by providing trusted security guidance, products, and information to small and mid-sized businesses and security professionals.

Australian Information Security Association (AISA)

Australian Information Security Association (AISA)

AISA champions the development of a robust information security sector by building professional capacity and advancing the cyber security of the public, business and governments in Australia.

Kount

Kount

Kount's “decision engine” platform is ideal for managing fraud in online/telephone channels that process payments and onboard new customers.

Compnet

Compnet

Compnet is a service company that assists customers in integrating complete ICT systems including network infrastructure and security solutions.

Norsk Akkreditering

Norsk Akkreditering

Norsk Akkreditering is the national accreditation body for Norway. The directory of members provides details of organisations offering certification services for ISO 27001.

ERI

ERI

ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States.

DeepView

DeepView

DeepView delivers a unified platform for managing risk on digital platforms. One interactive secure portal allowing employees to engage their networks securely and compliantly.

Auriga Consulting

Auriga Consulting

Auriga is a center of excellence in Cyber Security, Assurance and Monitoring Services, with a renowned track record of succeeding where others have failed.

Abertay cyberQuarter

Abertay cyberQuarter

The Abertay cyberQuarter is a cybersecurity research and development centre housed within Abertay University.

coc00n

coc00n

coc00n secures the devices of high-value and high-interest individuals against cyber attacks.

NeuroID

NeuroID

NeuroID combines the power of industry-leading behavioral analytics with advanced device and network intelligence to create your first line of defense against malicious bots, bad actors, and fraud.

rThreat

rThreat

rThreat is a cloud-based SaaS solution that challenges your cyber defenses using real-world and custom threats in a secure environment, ensuring your readiness for attacks.

RapidFort

RapidFort

RapidFort’s Software Attack Surface Optimization Platform remediates 95% of software vulnerabilities in minutes without code changes.

Vantyr

Vantyr

Vantyr's core mission is to safeguard the business-led adoption of SaaS applications by automating the lifecycle management and security of non-human identities.

Liquid C2

Liquid C2

Liquid C2 offers leading solutions to streamline workplace operations, secure cloud storage, rapid data recovery, and scale growth.

Vulnify

Vulnify

At Vulnify, we’re revolutionizing the way businesses identify and manage security vulnerabilities.