View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
May 12, 2023updated 24 May 2023 1:36pm

Automation specialist ABB ‘hit by Black Basta ransomware attack’

Hundreds of devices at the automation specialist are said to be out of action as it battles the effects of the breach.

By Claudia Glover

Global automation giant ABB has reportedly suffered a cyberattack at the hands of notorious ransomware gang Black Basta. The breach is said to have affected hundreds of company devices.

ABB hit by a cyberattack at the hands of Black Basta. (Photo by Mats Wiklund/Shutterstock)

ABB is said to have halted VPN connections with clients to prevent criminals from moving onto other networks. Based in Switzerland, the company is one of the world’s leading providers of robotic systems. It employs over 100,000 people and reported revenue of $29.4bn last year.

Its clients span the public and private sectors. “ABB operates more than 40 US-based engineering, manufacturing, research and service facilities with a proven track record serving a diversity of federal agencies including the Department of Defense, such as the US Army Corps of Engineers, and Federal Civilian agencies such as the Departments of Interior, Transportation, Energy, United States Coast Guard, as well as the US Postal Service,” the company says.

ABB cyberattack hits company devices

The initial ransomware attack is thought to have taken place on 7 May. It is claimed Black Basta attacked the company through its Windows Active Directory, affecting hundreds of devices. 

According to employees speaking to Bleeping Computer, which first reported the story and cites sources familiar with the situation, the attack has disrupted the company’s operations, impacting its factories and delaying projects. 

It is not known whether a ransom demand has been issued, or paid, and no data from the company has been spotted on the dark web. Tech Monitor has contacted ABB but has not had a response from the company at the time of writing.

Black Basta targets corporate networks

Russian gang Black Basta was uncovered by researchers in 2022 and has since regularly attacked public and private sector organisations in Europe and English-speaking countries around the world.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Last summer it claimed responsibility for an attack on the Knauf building supplies company, which severely hindered the business’s operations across Europe for several weeks.

The gang favours double extortion tactics, where a victimised company’s data will be lifted and encrypted so that the organisation can be bribed into communicating with the criminals and pressured into purchasing the decryption key.

In April, Black Basta posted its intentions to buy and monetise corporate network access for a share in the profits. The post, written in Russian, specified that it was looking for organisations based in the United States, Canada, United Kingdom, Australia, and New Zealand, according to a report from security company CyberReason.

The company hit 44 victims in 2022, according to a Trend Micro report, and victims this year include the Canadian Yellow Pages.

Read more: Could quantum computing make our energy grid sustainable?

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.