
ABB Confirms Ransomware Attack

Filip TRUȚĂ

May 29, 2023


Zurich-based technology giant ABB has issued a public statement to acknowledge that hackers broke into its systems to deploy ransomware.

The Swedish-Swiss multinational is a major player in electrification and automation, serving both the private and public sectors, as well as government agencies, including the US Department of Defense.

Earlier this month, news broke that Black Basta hackers had infiltrated ABB to deploy ransomware. The attack reportedly disrupted the company's operations, impacting factory operations and delaying various projects.

ABB has since confirmed the attack, notifying potentially affected parties, and publishing a press release for maximum transparency.

“ABB recently became aware of an IT security incident that impacted certain ABB systems,” reads the announcement.

The company retained leading experts and kicked off an investigation to assess the severity of the incident. It also notified law enforcement and data protection authorities, as required by law.

While ABB says the incident is contained, the company is still working to restore some impacted services and systems and aims to enhance the security of its systems.

According to Bleeping Computer, the hackers targeted the company's Windows Active Directory, impacting hundreds of Windows systems.

There are still some unknowns at this point, but ABB can now confirm that “an unauthorized third-party accessed certain ABB systems, deployed a type of ransomware that is not self-propagating, and exfiltrated certain data.”

ABB says it is still “in the early stages of its investigation [and is] working to identify and analyze the nature and scope of affected data and is further assessing its notification obligations,” which is somewhat at odds with the claim that the incident is contained.

“ABB will communicate with affected parties where necessary, including, for example, specific customers, suppliers, and/or individuals where personally identifiable information was affected,” the notice adds.

In a letter to clients, the company claims there is no evidence that any customer-facing system has been “directly impacted,” nor has any customer reported any such direct impact.

Author


Filip TRUȚĂ

Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
