ABB Struck By Black Basta Ransomware

Uploaded on 2023-05-16 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

The Swedish-Swiss robotics and automation multinational company ABB has been hit by a Black Basta ransomware attack which has affected business operations across the company.  

On Friday 13th May, ABB confirmed that certain locations and services were impacted by an “IT security incident.” The company works with a large range of customers including Hitachi, Volvo and various governments.

On May 7th, the company fell victim to a cyber attack conducted by the Black Basta ransomware gang. This is the same form of attack used against Capita, the large British-bases outsourcing firm

ABB employs around 105K employees and has $29.4 billion in revenue for 2022. And as part of its services, the company develops industrial control systems (ICS) and SCADA systems for manufacturing and energy suppliers. ABB has a global presence, with operations on every continent. One arm of the company’s extensive business activities develops Industrial Control Systems (ICS). ICS is a critical part of the modern manufacturing system and a great for state-sponsored and financially motivated threat actors.

According to sources, hundreds of computers have been compromised as a result of a ransomware attack on the Windows Active Directory used by ABB. 

According to ABB’s website, it offers cyber security consulting as a service and carries out security assessments through “multiple standard and custom assessments”. It also offers cyber security training and conducts awareness and education programs for employees. 

Black Basta was first observed in April 2022 and is understood to be a rebranding of the infamous Conti ransomware group. 

The Dark Web monitoring platform, DarkFeed report that Black Basta has struck 153 organisations since its strain of malware was first discovered. The group standard method is to use double-extortion tactics to intimidate victims into paying a ransom. Cyber criminals that use this model often publish stolen data in a dripfeed, pressurising victims to succumb to internal and external demands to pay the ransom.

Cyber security researchers have linked Black Basta with the FIN7 cyber crime group to the original Black Basta ransomware exploit in 2022. Amongst others, Black Basta has attacked the American Dental Association, Sobeys, Knauf, and Yellow Pages Canada. 

ABB:   Economic Times:   Bleeping Computer:     CyberNews:   Information Security Buzz:   The Record:  

You Might Also Read: 

Detected - A Hard Matching Vulnerability  Which Enables Azure AD Account Takeover:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Philadelphia Inquirer Newspaper Hacked 
Iranian Government Uses Android Malware For Mobile Surveillance »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IOActive

IOActive

IOActive serves as a trusted security advisor to the Global 500 and other progressive enterprises, helping to safeguard their most important assets and improve their overall security posture.

Inavate Consulting

Inavate Consulting

Inavate Consulting are experts in defining and implementing information assurance solutions and governance frameworks. Our ISO27001 consultants are the most experienced in the industry.

VS Security Products

VS Security Products

VS Security Products design, manufacture and sell the most extensive range of degaussers and data destroyers on the market, suitable for all types of magnetic media.

Astaara

Astaara

Astaara is an integrated insurance services and risk management advisory business incorporating cyber risk advisory, underwriting and analytics.

GBT Technologies

GBT Technologies

GBT Technologies is a technology company focused on chip design and software to enable IoT, global mesh networks, and for applications relating to artificial intelligence.

Gijima

Gijima

Gijima is one of SA’s leading ICT companies in Cloud & Outsourcing, Systems integration, Human Capital Management & Training, Cybersecurity, and Unified Communications.

PA Consulting

PA Consulting

PA Consulting Group is a consultancy that specialises in strategy, technology and innovation. Our cyber security experts work with you to spot digital and technology security risks and reduce them.

Cyber Chasse

Cyber Chasse

Cyber Chasse is an IT consulting and staffing company offering a full range of cybersecurity solutions, contract staffing services and online training courses.

Archon Secure

Archon Secure

Archon GoSilent Cube delivers a CSfC-certified, plug-and-play security solution for classified and unclassified communication when using the public Internet.

CyberX9

CyberX9

CyberX9 helps you protect against a wide range of cyber attacks whether you are a business or a high-net worth individual under risk.

Telesystem

Telesystem

Telesystem empowers businesses across the USA with a range of innovative network, communication and collaboration solutions.

Cyber Security Council UAE

Cyber Security Council UAE

The Cyber Security Council's vision is to protect UAE cyberspace, maintain confidence in our digital infrastructure and institutions, and build a cyber-resilient society.

Sri Lanka CERT

Sri Lanka CERT

Sri Lanka CERT is the National Centre for Cyber Security, which has the national responsibility of protecting the nation’s cyberspace from cyber threats.

Heyhack

Heyhack

Heyhack is a SOC 2 Type II certified automated penetration testing platform for web apps and APIs.

Tranchulus

Tranchulus

Tranchulus are a global provider of offensive and defensive cyber solutions, information security assessment, compliance and managed security services.

Karthik Consulting (KC)

Karthik Consulting (KC)

Karthik Consulting is a technology service provider specializing in IT services for the U.S. federal government.