US govt contractor ABB confirms ransomware attack, data theft


Swiss tech multinational and U.S. government contractor ABB has confirmed that some of its systems were impacted by a ransomware attack, previously described by the company as “an IT security incident.”

It also revealed that the attackers had stolen data from compromised devices and that it would notify affected individuals if their information was impacted in the incident.

“ABB has determined that an unauthorized third-party accessed certain ABB systems, deployed a type of ransomware that is not self-propagating, and exfiltrated certain data,” the company said in a press release.

“ABB will communicate with affected parties where necessary, including, for example, specific customers, suppliers, and/or individuals where personally identifiable information was affected.”

“To date, the forensic investigation has identified no evidence that any customer system has been directly impacted, and no customer has reported that this has occurred,” ABB said in notifications sent to affected clients.

It also added that the recent breach has now been contained, with previously disrupted essential services and systems operating as expected. All remaining affected services and systems are now being restored, and additional security measures have been implemented to secure the network against future attacks.

The investigation is still in its early stages, and ABB is also working with advisors and law enforcement to minimize the ransomware attack’s impact.

ABB reported revenue of $29.4 billion for 2022 and has roughly 105,000 employees that develop industrial control systems (ICS) and SCADA systems for manufacturing and energy suppliers.

The company provides services to a wide range of high-profile customers and local governments worldwide. It also works with the U.S. Department of Defense and federal civilian agencies like the Departments of Interior, Transportation, and Energy, as well as the United States Coast Guard and the U.S. Postal Service.

Black Basta ransomware attack

ABB was hit by the cyberattack on May 7th, which led to operations disruption, project delays, and a significant impact on its factories.

While ABB didn’t reveal the name of the attackers, BleepingComputer independently confirmed that the attack was conducted by the Black Basta ransomware gang with the help of an anonymous source familiar with the incident.

Multiple employees also told BleepingComputer that the ransomware attack targeted the company’s Windows Active Directory, impacting hundreds of Windows systems.

In response, ABB immediately terminated VPN connections with its customers to block the threat actors’ access to other networks.

“ABB recently detected an IT security incident that directly affected certain locations and systems,” the company told BleepingComputer in a statement after the attack.

Black Basta is a Ransomware-as-a-Service (RaaS) operation that surfaced in April 2022 and immediately started targeting many corporate victims in double-extortion attacks.

The ransomware gang was also recently linked to the FIN7 hacking group, a notorious financially motivated cybercrime gang also tracked as Carbanak.

Since its launch, Black Basta has been responsible for attacks targeting the American Dental Association, Sobeys, Knauf, Yellow Pages Canada, UK outsourcing company Capita, and, more recently, German defense contractor Rheinmetall.



Source link