ABB provides building and manufacturing automation components around the world. They also provide robotics, ship and train propulsion systems, and much more.
On May 7th, they were hit with a cyber attack by the Black Rasta Ransomware gang, a cybercrime group based in Russia that surfaced in April 2022. The attack was originally focused on ABB’s Windows Active Directory server cluster.
The attack reportedly disrupted the company’s operations, delaying projects, and significantly impacted factories.
In a published statement, "ABB recently detected an IT security incident that directly affected certain locations and systems,"
They went on to say, "To address the situation, ABB has taken, and continues to take, measures to contain the incident. Such containment measures have resulted in some disruptions to its operations which the company is addressing. The vast majority of its systems and factories are now up and running and ABB continues to serve its customers in a secure manner.:
"ABB continues to work diligently with its customers and partners to resolve this situation and minimize its impact."
Reportedly the company immediately shut down all VPN connections to clients to limit spread of the ransomware.
The threat actor has been responsible for many corporate attacks including the American Dental Association, Sobeys, Knauf, and Capita – the UK’s largest outsourcing company. In the latest attack they have encrypted data and leaked stolen data.
At this time, there are not any reported attacks against ABB client’s systems. There is not any evidence of leaked data on the dark web at this time. We will continue to monitor the situation and report in this post.
