Se ha conocido recientemente que el pasado 7 of May of 2023, la multinacional con sede en Zúrich y más de 105 000 empleados fue víctima de un ciberataque ejecutado por el grupo de ransomware Black Basta. El ataque se centró en el Active Directory de Windows de la empresa, affecting hundreds of devices and causing interruptions in the company's operations and factories.
To prevent the spread of ransomware to customer and partner networks, ABB proceeded to cut all affected VPN connections. Although it initially treated the incident as a 'cybersecurity situation', the company later confirmed that it was a ransomware attack that also involved data exfiltration.
According to ABB, most of its systems and factories have already resumed their activity, and no signs of compromises in third-party networks have been detected. However, the company acknowledged that a certain volume of data was stolen during the attack, although it has not been clarified how much information was compromised.
Since its appearance in April 2022, Black Basta has established a RaaS-type operation (ransomware-as-a-service), targeting critical sectors and large corporations. Linked to the Conti/FIN7 group, it has already affected more than 329 Organizations, raising tens of millions of dollars in ransoms. The ABB case joins the growing list of victims in Europe and the United States.
Fountain: Digital Shield
Image Auledas, CC BY-SA 4.0, via Wikimedia Commons
