Black Basta is back in action.
Black Basta conducts ransomware attack against Swiss technology company ABB.
ABB, a technology company based in Switzerland, confirmed Friday that it is experiencing technical issues relating to a cyber attack. BleepingComputer reports that the Black Basta ransomware gang was behind the attack, but ABB has yet to confirm this. “BleepingComputer has learned from multiple employees that the ransomware attack has affected the company’s Windows Active Directory, affecting hundreds of devices. In response to the attack, ABB terminated VPN connections with its customers to prevent the spread of the ransomware to other networks,” writes BleepingComputer. ABB seems to remain mostly operational. Eike Christian Mueter, group spokesperson at ABB, told ET CISO, “The vast majority of its systems and factories are up and running and ABB continues to serve its customers in a secure manner.”
Black Basta’s track record.
Dmitry Bestuzhev, Senior Director of Cyberthreat Intelligence at BlackBerry, explained, “Black Basta is one of the most actively targeted ransomware groups covering Windows, Linux, and virtualized environments. This group specializes in deploying ransomware from up to down via Active Directory, specifically lightweight directory access protocol (LDAP). When an Active Directory is compromised, it's ‘game over’ for the victim. Targeting businesses, especially strategic businesses like companies building industrial control systems (ICS), is crucial. ICS supports are the most critical and essential operations.” The Record explains, “The Black Basta ransomware group has been behind high-profile attacks on the American Dental Association, German wind farm operator Deutsche Windtechnik and most recently British outsourcing company Capita.”
Martin Fujerik, Vice President for Moody’s Investors Service, commented on the incident and its business impact. “The cybersecurity incident impacting ABB is credit negative, but the extent of any credit impact will depend on the number and criticality of affected devices, the duration of the operational disruption, and any impact the event might have on its relations with customers. The incident follows a number of recent cyber breaches at large multi-national companies such as MKS Instruments, Western Digital, and T-Mobile, indicating that no sector or company is immune to the growing threat of cyberattacks.”
Black Basta also took credit for a cyberattack against Canada’s Yellow Pages directory in April. In that attack, the ransomware gang made off with social security numbers, sales and purchasing agreements, and sensitive spreadsheets. For more notes on Black Basta’s attack on Yellow Pages, see CyberWire Pro.