Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Ransomware

Industrial Giant ABB Confirms Ransomware Attack, Data Theft

Industrial giant ABB has confirmed that it has been targeted in a ransomware attack, with the cybercriminals stealing some data.

Ransomware

Swiss industrial giant ABB confirmed this week that it was recently targeted in a ransomware attack and that the cybercriminals exfiltrated some data.

The company has issued a press release and an FAQ describing the incident, with many details — including indicators of compromise (IoCs) — being withheld due to the ongoing law enforcement investigation. 

“ABB has determined that an unauthorized third-party accessed certain ABB systems, deployed a type of ransomware that is not self-propagating, and exfiltrated certain data,” ABB said. “The company is working to identify and analyze the nature and scope of affected data and is further assessing its notification obligations.” 

The malware was allegedly only deployed on a ‘limited number’ of servers and endpoints. The malware was distributed via manual intervention and it could not automatically spread through emails or on the local network, ABB said.

“All of ABB’s key services and systems are up and running, all factories are operating, and the company continues to serve its customers. The company also continues to restore any remain- ing impacted services and systems and is further enhancing the security of its systems,” the company noted.

In private notifications sent to customers, ABB said its forensic investigation found no evidence of customer systems being directly impacted. In addition, there is no indication that it’s unsafe to connect to ABB systems. 

Bleeping Computer was the first to report that ABB was targeted by the Black Basta ransomware group. Kevin Beaumont, a reputable cybersecurity researcher, has independently confirmed it

Beaumont said on Friday that the company has paid the ransom, which would explain why it has not been named on Black Basta’s leak website. 

Advertisement. Scroll to continue reading.

SecurityWeek reached out to ABB for comment on these claims, but the company said it’s not commenting beyond the information in its press release. 

ABB provides electrification and automation solutions in many countries around the world. The company has more than 100,000 employees. 

Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 23-26, 2023 | Atlanta
www.icscybersecurityconference.com

Related: Ransomware Gang Leaks Files Stolen From Industrial Giant Parker Hannifin

Related: BlackCat Ransomware Targets Industrial Companies

Related: Industrial Ransomware Attacks: New Groups Emerge, Manufacturing Pays Highest Ransom

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Ransomware

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Ransomware

Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.

Ransomware

Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.