ABB is said to have halted VPN connections with clients to prevent criminals from moving onto other networks. Based in Switzerland, the company is one of the world’s leading providers of robotic systems. It employs over 100,000 people and reported revenue of $29.4bn last year.
Its clients span the public and private sectors. “ABB operates more than 40 US-based engineering, manufacturing, research and service facilities with a proven track record serving a diversity of federal agencies including the Department of Defense, such as the US Army Corps of Engineers, and Federal Civilian agencies such as the Departments of Interior, Transportation, Energy, United States Coast Guard, as well as the US Postal Service,” the company says.
ABB cyberattack hits company devices
The initial ransomware attack is thought to have taken place on 7 May. It is claimed Black Basta attacked the company through its Windows Active Directory, affecting hundreds of devices.
According to employees speaking to Bleeping Computer, which first reported the story and cites sources familiar with the situation, the attack has disrupted the company’s operations, impacting its factories and delaying projects.
It is not known whether a ransom demand has been issued, or paid, and no data from the company has been spotted on the dark web. Tech Monitor has contacted ABB but has not had a response from the company at the time of writing.
Black Basta targets corporate networks
Russian gang Black Basta was uncovered by researchers in 2022 and has since regularly attacked public and private sector organisations in Europe and English-speaking countries around the world.
Last summer it claimed responsibility for an attack on the Knauf building supplies company, which severely hindered the business’s operations across Europe for several weeks.
The gang favours double extortion tactics, where a victimised company’s data will be lifted and encrypted so that the organisation can be bribed into communicating with the criminals and pressured into purchasing the decryption key.
In April, Black Basta posted its intentions to buy and monetise corporate network access for a share in the profits. The post, written in Russian, specified that it was looking for organisations based in the United States, Canada, United Kingdom, Australia, and New Zealand, according to a report from security company CyberReason.
The company hit 44 victims in 2022, according to a Trend Micro report, and victims this year include the Canadian Yellow Pages.