Tech Provider ABB Struck By Black Basta Ransomware Attacks

By Adeola Adegunwa
Writer, Informationsecuritybuzz | May 11, 2023 11:10 am PST

A Black Basta ransomware attack apparently hampered business activities at the Swiss multinational corporation ABB, a renowned electrification and automation technology provider. ABB has its headquarters in Zurich, Switzerland, has approximately 105,000 employees, and in 2022 expects to bring in $29.4 billion in sales.

Developing industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems is one of the company’s offerings to the manufacturing and energy sectors. Companies like Volvo and Hitachi, as well as municipalities like Nashville and Zaragoza, are among the firm’s many clients.

According to the company’s website, “ABB operates more than 40 U.S. based engineering, manufacturing, research and service facilities with a proven track record serving a diversity of federal agencies.” These agencies include the U.S. Army Corps of Engineers and the U.S. Departments of Defense, Transportation, Energy, the Coast Guard, and the Postal Service.

The company was hit by Black Basta, a cybercrime group that first appeared in April 2022, in a ransomware attack on May 7th.

According to several sources within the organization, hundreds of computers have been compromised as a result of the ransomware attack on the Windows Active Directory. After discovering the intrusion, ABB cut off its customers’ VPN access to stop the malware from spreading.

An independent source, who wished to remain anonymous, confirmed the attack. According to reports, the attack has caused delays in projects and impacted the factories. Bleeping Computer reached out to ABB for comment on the hack, but they declined.

As early as April 2022, the Black Basta ransomware group had already begun amassing corporate victims through double-extortion attacks, having launched its Ransomware-as-a-Service (RaaS) operation.

Black Basta and the QBot malware operation (QakBot) had joined forces to distribute Cobalt Strike to affected devices by June 2022. Cobalt Strike would then be used by Black Basta to infiltrate the business network and expand laterally to more devices.

Black Basta, like other business-focused ransomware campaigns, developed a Linux encryptor to lock up VMware ESXi virtual machines hosted on Linux servers. FIN7, also known as Carbanak, is a financially driven criminal organization that has been linked by researchers to the ransomware gang.

The American Dental Association, Sobeys, Knauf, and Yellow Pages Canada are only some of the organizations the threat actors have attacked since the campaign’s inception.


ABB, a Swiss multinational business that produces electrification and automation technology, was hit by a Black Basta ransomware attack. ABB collaborates with governments and enterprises to build industrial control and SCADA systems for manufacturing and energy suppliers. Projects and factories were delayed by the attack on the company’s Windows Active Directory. ABB suspended VPN connections with its customers to stop the malware from spreading. 

In April 2022, Black Basta teamed with QBot to create Ransomware-as-a-Service. ABB, a Swiss multinational provider of electrification and automation technology, was hit by a Black Basta ransomware attack that disrupted its business. ABB’s 2022 revenue was $29.4 billion, and it employs 105,000 people in Zurich, Switzerland. ICS and SCADA solutions for manufacturing and energy suppliers are developed by the company.
