On May 7, 2023, ABB, a Swiss multinational specializing in electrification and automation, fell victim to a **ransomware attack** by the **Black Basta gang**, a group known for double-extortion tactics and ties to the FIN7 hacking syndicate. The attack crippled ABB’s **Windows Active Directory** and compromised **hundreds of devices**, causing **operational disruptions**, **project delays**, and **manufacturing halts**. To mitigate spread, ABB severed **VPN connections** with clients, further straining business continuity. While the company—headquartered in Zurich with **105,000 employees**—serves critical sectors, including **US federal agencies**, no stolen data has surfaced on the dark web, and ransom demands (if issued) remain undisclosed. The incident underscores the **severe operational and financial strain** imposed by ransomware, though the full scope of data exposure or long-term repercussions is still unclear. Recovery efforts are ongoing as ABB works to restore systems and secure its infrastructure.
Source: https://techmonitor.ai/technology/cybersecurity/abb-cyberattack-black-basta
TPRM report: https://www.rankiteo.com/company/abb
"id": "abb519092125",
"linkid": "abb",
"type": "Ransomware",
"date": "5/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': ['Public sector clients',
                                               'Private sector clients',
                                               'US federal agencies'],
                        'industry': ['Electrification',
                                     'Automation Technology'],
                        'location': 'Zurich, Switzerland (HQ)',
                        'name': 'ABB',
                        'size': '~105,000 employees',
                        'type': 'Multinational Corporation'}],
 'data_breach': {'data_encryption': True},
 'date_detected': '2023-05-07',
 'description': 'On May 7, 2023, Swiss multinational company ABB, a leading '
                'provider of electrification and automation technology, '
                'suffered a ransomware attack by the Black Basta gang. The '
                "attack disrupted ABB's operations, affecting its Windows "
                'Active Directory and hundreds of devices, leading to delays '
                'in projects and impacting manufacturing. In response, ABB '
                'terminated VPN connections with clients to prevent further '
                'spread. The company, headquartered in Zurich and employing '
                'around 105,000 people, serves various public and private '
                'sector clients, including US federal agencies. Black Basta, '
                'known for double-extortion tactics and linked to the FIN7 '
                'hacking group, has been active since April 2022. ABB is '
                'working to contain the incident and restore normal '
                'operations. It remains unclear if a ransom demand has been '
                'issued or paid, and no data has been found on the dark web.',
 'impact': {'operational_impact': ['Delays in projects',
                                   'Manufacturing disruptions'],
            'systems_affected': ['Windows Active Directory',
                                 'Hundreds of devices']},
 'investigation_status': 'Ongoing (as of report)',
 'motivation': 'Financial (presumed, due to ransomware tactics)',
 'ransomware': {'data_encryption': True, 'ransomware_strain': 'Black Basta'},
 'response': {'containment_measures': ['Terminated VPN connections with '
                                       'clients'],
              'incident_response_plan_activated': True,
              'recovery_measures': ['Restoring normal operations (ongoing)']},
 'threat_actor': 'Black Basta',
 'title': 'Ransomware Attack on ABB by Black Basta Gang',
 'type': 'Ransomware Attack'}