Ransomware

Industrial Giant ABB Confirms Ransomware Attack, Data Theft

Industrial giant ABB has confirmed that it has been targeted in a ransomware attack, with the cybercriminals stealing some data.

Eduard Kovacs

May 27, 2023

Swiss industrial giant ABB confirmed this week that it was recently targeted in a ransomware attack and that the cybercriminals exfiltrated some data.

The company has issued a press release and an FAQ describing the incident, with many details — including indicators of compromise (IoCs) — being withheld due to the ongoing law enforcement investigation.

“ABB has determined that an unauthorized third-party accessed certain ABB systems, deployed a type of ransomware that is not self-propagating, and exfiltrated certain data,” ABB said. “The company is working to identify and analyze the nature and scope of affected data and is further assessing its notification obligations.”

The malware was allegedly only deployed on a ‘limited number’ of servers and endpoints. The malware was distributed via manual intervention and it could not automatically spread through emails or on the local network, ABB said.

“All of ABB’s key services and systems are up and running, all factories are operating, and the company continues to serve its customers. The company also continues to restore any remain- ing impacted services and systems and is further enhancing the security of its systems,” the company noted.

In private notifications sent to customers, ABB said its forensic investigation found no evidence of customer systems being directly impacted. In addition, there is no indication that it’s unsafe to connect to ABB systems.

Bleeping Computer was the first to report that ABB was targeted by the Black Basta ransomware group. Kevin Beaumont, a reputable cybersecurity researcher, has independently confirmed it.

Advertisement. Scroll to continue reading.

Beaumont said on Friday that the company has paid the ransom, which would explain why it has not been named on Black Basta’s leak website.

SecurityWeek reached out to ABB for comment on these claims, but the company said it’s not commenting beyond the information in its press release.

ABB provides electrification and automation solutions in many countries around the world. The company has more than 100,000 employees.

Written By Eduard Kovacs

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Latest News

Click to comment

Webinar Beyond VPN Replacement: Other ZTNA superpowers CISOs Should Know

Tuesday, August 22, 2023

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Webinar: Scaling Software Supply Chain Security: Driving Actionable SBOM Management with the OpenSSF S2C2F OSS Specification

Thursday, September 7, 2023

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Moving From Qualitative to Quantitative Cyber Risk Modeling

Migrating to a quantitative cyber risk model of analysis allows for more accurate data, which leads to more informed decision-making. (Fawaz Rasheed)

Every Network Is Now an OT Network. Can Your Security Keep Up?

Many previously isolated OT networks, like manufacturing, processing, distribution, and inventory management, have now been woven into larger IT networks. (John Maddison)

Navigating the Digital Frontier in Cybersecurity Awareness Month 2023

ZTNA stands out as a solution that enables organizations to minimize their attack surface while ensuring the productivity and security of their remote workforce. (Torsten George)

Staying on Topic in an Off Topic World

Learning how to keep discussions on-topic is an important skill for security professionals to learn, and it can allow them to continue to improve their security programs. (Joshua Goldfarb)

A One-Two Punch for Security ROI

Cost avoidance is a powerful way to kick-off ROI discussions. However, to quickly move beyond objections, shifting to a more tangible approach to calculate ROI can help. (Marc Solomon)