Black Basta Strikes Again:
Swedish-Swiss Tech Giant Hit By Ransomware

Swedish-Swiss Tech Giant Falls Victim to Black Basta Ransomware Attack

Swedish-Swiss automation and robotics giant ABB Ltd. suffered a cyberattack that interrupted its operations. The company, headquartered in Zurich, reports that specific locations and systems were directly impacted and that it is working to contain the incident.

ABB boasts a workforce of about 105,000 employees and reported a revenue of around $29.4 billion for the year 2022. Among the various services it offers, the firm specializes in creating industrial control systems (ICS) and SCADA systems that cater to manufacturers and energy providers. The tech giant works with a diverse array of clients and local governments including prominent organizations such as Hitachi, DS Smith, Volvo, and the City of Nashville.

The company runs over 40 facilities in the U.S. dedicated to manufacturing, engineering, research, and services. It has a well-established reputation for serving an array of federal agencies. These include the Department of Defense and the U.S. Army Corps of Engineers, among others, as well as federal civilian agencies such as the Departments of Transportation, Energy, and Interior, the U.S. Postal Service, and the United States Coast Guard.

According to a BleepingComputer report, the company suffered a cyberattack executed by the Black Basta Ransomware gang, a cybercrime group believed to have surfaced in April 2022. The attack hampered the company’s Windows Active Directory, affecting hundreds of its devices, and disrupted the company’s operations, affecting factories and projects.

What is Black Basta Ransomware?

The Black Basta Ransomware first emerged in early 2022. It is notorious for its two-pronged extortion strategy: it encrypts the target’s files, exfiltrates confidential data, and then threatens to leak this information unless a ransom is paid. The Ransomware is run by a threat group proficient in the Russian language and known for its prior experience in orchestrating Ransomware attacks.

The Black Basta Ransomware group is a relatively new entrant in the Ransomware-as-a-Service (RaaS) sphere and is believed to be a “rebranding” of the infamous Conti Ransomware group.

Since its inception, the Black Basta Ransomware group has perpetrated a series of attacks, targeting organizations such as the American Dental Association, Knauf, Sobeys, and Yellow Pages Canada. In a recent incident, it targeted Capita, the UK’s leading outsourcing firm, and leaked its data.

What makes Black Basta hard to detect?

Black Basta is a formidable cyber threat. According to Kaspersky, variants of this Ransomware can infiltrate Linux, Windows, and VMware ESXi systems.

Black Basta distinguishes itself through its approach: it deploys different Ransomware versions to target Linux and Windows systems. Additionally, the Windows variant reboots the system into safe mode prior to encryption. According to cybersecurity experts, this strategy enables the malware to circumvent detection by various security systems, as most security solutions are not operational in safe mode.

Black Basta’s techniques, tactics and procedures (TTPs) mirror those of other Ransomware groups like BlackMatter. Black Basta spreads via phishing emails and takes advantage of software vulnerabilities. After compromising a system, it eliminates all Volume Shadow Copies, the backup versions of system files. The desktop wallpaper is substituted with a JPG image, and the encrypted files are preserved as an ICO file, a format typically used for icons in Windows OS.
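As an added example (not from this article or its cited sources), here is a small detector over process-creation command lines for the two behaviours described above: shadow copy deletion and a switch to safe-mode boot. The `vssadmin`, `wmic` and `bcdedit` patterns are assumed indicators (the built-in Windows tools typically used for these actions), and the host names and events are constructed.

```python
import re

# Constructed process-creation events (host, command line) for illustration;
# not taken from any real incident.
SAMPLE_EVENTS = [
    ("WS-014", r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"),
    ("WS-014", r"bcdedit /set {default} safeboot network"),
    ("WS-022", r"vssadmin list shadows"),                    # benign inventory
    ("SRV-03", r"bcdedit /deletevalue {default} safeboot"),  # clears safe boot
    ("SRV-07", r"wmic shadowcopy delete"),
]

# Assumed indicators: built-in Windows tools commonly used for these behaviours.
RULES = {
    "shadow_copy_deletion": re.compile(
        r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)",
        re.I),
    # Only flag *setting* safe boot, not listing or removing the value.
    "safe_mode_boot_set": re.compile(
        r"bcdedit(\.exe)?\s+/set\b.*\bsafeboot\b", re.I),
}


def scan(events):
    """Map each host to the set of rule names its command lines matched."""
    hits = {}
    for host, cmdline in events:
        for name, pattern in RULES.items():
            if pattern.search(cmdline):
                hits.setdefault(host, set()).add(name)
    return hits


def triage(events):
    """Return (host, severity, behaviours), worst hosts first.

    Both behaviours on one host is the pre-encryption pattern described
    above, so it is rated critical; a single behaviour is rated high.
    """
    rows = []
    for host, names in scan(events).items():
        severity = "critical" if len(names) == len(RULES) else "high"
        rows.append((host, severity, sorted(names)))
    return sorted(rows, key=lambda r: (r[1] != "critical", r[0]))


if __name__ == "__main__":
    for host, severity, names in triage(SAMPLE_EVENTS):
        print(f"{host}: {severity} ({', '.join(names)})")
```

Because security tooling may not be running once a host is in safe mode, the alert has to fire on the configuration change itself, before the reboot.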

Unlike other Ransomware variants, Black Basta does not bypass files with certain extensions. Nevertheless, the system continues to function even if essential folders remain unencrypted.

How to keep Black Basta Ransomware at bay?

As Black Basta and other Ransomware groups continue their cyber assault on organizations worldwide, it’s imperative to implement cyber defense strategies to safeguard your data and systems against these perils.

Futurism recommends the following security measures to keep Black Basta at bay:

  • Ensure system updates: Regularly update your operating systems, software, and security applications to guard against recognized vulnerabilities and potential cyber risks. Invest in a good vulnerability assessment and penetration testing solution.

  • Implement IAM & multi-factor authentication (MFA): Enhance the security of your systems and data by applying IAM and MFA wherever feasible. Typically, users are required to furnish two or more forms of authentication, such as a password combined with a biometric factor, to access a system or application.

  • Educate your workforce: Educate your employees to identify phishing emails and other prevalent attack tactics employed by Ransomware groups and cybercriminals. Futurism offers a variety of resources to help businesses and MSPs stay updated about recent developments in the cybersecurity space.

  • Regularly back up your data: Regularly save your data. This will enable you to recover your data if a Ransomware attack strikes your organization.

  • Invest in a trusted cybersecurity partner: Collaborate with a managed cybersecurity solutions provider known for robust cybersecurity service offerings to help identify and mitigate potential risks.

Implementing these best practices will diminish the risk of a Ransomware attack and minimize any potential damage if an attack does occur. Bear in mind that cybercriminals are perpetually upgrading their tactics, so deploying a powerful line of cyber defense is paramount when it comes to strengthening your security posture.

Disclaimer: All the perspectives, views, and information presented in this article are solely those of the individual authors and their corresponding sources. They do not represent or reflect the principles, goals, or viewpoints of Futurism Technologies in any way.

About Futurism Technologies

Futurism Technologies is a trusted Digital Transformation (DX) advisor and consulting partner helping businesses around the world to unlock the true value of digital for the last two decades. One of the fastest-growing global digital transformation companies with offices across continents including North America, Europe, the Gulf, Asia, and Australia, Futurism delivers 360-degree Digital Transformation solutions to enterprises of all sizes and verticals. We have been helping enterprises leverage advanced technologies with our tested DX solutions. Futurism takes great pride in helping businesses realize the true potential of digital by helping them leverage the most from coming-of-age technologies such as Artificial Intelligence (AI), Machine Learning (ML), Robotic Process Automation (RPA), 5G, IoT, Data Science/Big Data, Cybersecurity, Blockchain, Mobility, Product Engineering, Cloud, and more.
