The group behind the attack has released some data stolen from the company as zipped files. The company also has operations in China, the UK and Eastern Europe. The attack has led to a postponement of the second quarter results announcement from 30 July to 27 August. In 2019, X-FAB had revenue of US$506.4 million (A$723 million), a drop of 13.9% from the 2018 figure of US$587.9 million.
The X-FAB Group is organised under the umbrella of X-FAB Silicon Foundries, a holding company located in Tessenderlo, Belgium. Its Manufacturing sites are in Erfurt, Dresden and Itzehoe in Germany, Corbeil-Essonnes in France, Kuching and Sarawak in Malaysia and Lubbock.
The Texas KCBD news channel reported on Wednesday US time that production at the company's plant in Lubbock was stopped ion 5 July due to a ransomware attack on manufacturing and It systems.
A screenshot from the Maze ransomware site. Supplied
The channel said it had confirmed that the Lubbock site, which has been in business for two decades, was still closed.
The company has about 3800 employees worldwide, 200 of whom work in Lubbock.
X-FAB issued a statement on 7 July saying it had been the target of a cyber security attack. "On 5 July, 2020, X-FAB Group was the target of a cyber security attack. Following the advice of leading security experts engaged by X-FAB, all IT systems have been immediately halted. As an additional preventive measure, production at all six manufacturing sites has been stopped," the company said.
"X-FAB has promptly engaged with the relevant authorities to investigate the unprecedented incident. In addition, a team of internal and external security experts has been put in place to resolve the problem and to recover all systems.
"X-FAB also decided to immediately start the temporary fabrication facility shutdowns that were initially planned to take place later in the third quarter in the context of X-FAB's Covid-19 cost-saving initiative.
"At this stage, it cannot be estimated for how long and to which degree X-FAB's operations will be disrupted. It is also too early to assess if there will be any financial impact."
In an update issued on 13 July US time, the company said: "X-FAB Group, whose IT systems and production lines were stopped to prevent damage following the cyber attack on 5 July, resumed production at one of its manufacturing sites. All other sites will follow within a week's time frame from now.
"The majority of X-FAB's customers and business partners was notified of the event. X-FAB does not expect a major impact on its business. Most orders are foreseen to be executed within the third quarter, only some deliveries may have to be shifted to the fourth quarter after close alignment with the respective customers.
"In response to the production stop after the cyber attack, X-FAB had pulled forward the two-week fab shutdowns initially planned to take place later in the third quarter as part of its COVID-19 cost-saving initiative. After a detailed check, X-FAB does not anticipate damage to the work in progress caused by the sudden stop of its production lines.
"Investigations, meanwhile, revealed that it was a ransomware attack. This type of attack is generally known for demanding a ransom for decryption of data as well as for misusing data.
"The financial impact of the cyber attack is not expected to be material. There will be an additional investment to improve IT security. Together with external cyber security experts, X-FAB worked out a strategy to gradually and safely resume all systems while making the company's IT infrastructure more robust and secure going forward.
"X-FAB's priority now is to resume production at all manufacturing sites. All other IT-related systems will follow. Under these circumstances, the publication of the second quarter results initially planned for 30 July will be postponed to 27 August 2020."
Comtacted for comment, iTWire's regular commentator on matters of this nature, Brett Callow, said: "The big game hunting groups seem to be hunting ever bigger game, with the number of successful attacks on large enterprises steadily increasing. This is not surprising."
Callow, who works as a ransomware threat researcher with New Zealand-headquartered Emsisoft, added: "Ransomware groups are better resourced than ever before and, consequently have more to invest in ramping up their operations in terms of both sophistication and scale. And, of course, the bigger victims, the bigger the ransoms which means the groups have even more to invest.
"The only way to break this vicious cycle of constant escalation is for companies to stop paying ransoms. If every company were to refuse to pay, ransomware would very quickly become a thing of the past."