Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Swiss automation giant reveals ransomware attack and data breach

A Swiss multinational company with offices in Australia and New Zealand has announced it was recently the victim of a ransomware attack and that some amount of data was exfiltrated in the breach.

user icon David Hollingworth
Mon, 29 May 2023
Swiss automation giant reveals ransomware attack and data breach
expand image

ABB, which is headquartered in Zurich, made the announcement late last week after it became aware of a “security incident”.

The company has since been in contact with cyber security experts, notified the relevant law enforcement agencies, contacted data protection authorities, and begun an investigation into the incident.

“The incident has now been successfully contained,” ABB wrote in a release about the incident.

============
============

“All of ABB’s key services and systems are up and running, all factories are operating, and the company continues to serve its customers. The company also continues to restore any remaining impacted services and systems and is further enhancing the security of its systems.”

As to the incident itself, ABB has said that while some data was exfiltrated, the ransomware itself was not self-propagating. Once the company has determined the nature of the data affected, it has said it will contact all customers and individuals impacted by the breach.

ABB has not identified the threat actor behind the attack, but security expert Kevin Beaumont claims that the Black Basta group is involved.

“I’ve independently confirmed Black Basta hit ABB,” Beaumont said in a post on Mastodon. “They’re not on the portal, even unindexed, so may be paying. It’s a standard Black Basta playbook attack — all the usual TTPs. Exfil, too.”

He later posted that he believes ABB has, in fact, paid the ransom, though the company has made no mention of any payments as of publication.

One of the sectors ABB works in is pulping and paper production, and in an undated article on the importance of securing pulp and paper mills from ransomware, Apala Ray, ABB’s former global cyber security manager of process industries, wrote: “The pulp and paper industry may not appear to some as a lucrative target, after all it is such an established and historic industry. What intellectual property (IP) is there that’s worth stealing? One of our customers recently exclaimed, ‘we’re not interesting enough for hackers’.”

“Herein lies the issue. Today’s hackers aren’t after your IP or contact details, they’re just after your money; and one of their favourite tools is ransomware.”

ABB is a Fortune 500 company with offices all over the world, and its revenue in 2022 was US$29.4 billion.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.