Security Market Segment LS
Thursday, 16 July 2020 10:29

Texas foundry group X-FAB takes a hit from Maze ransomware Featured

By
Texas foundry group X-FAB takes a hit from Maze ransomware Image by InspiredImages from Pixabay

On what appears to be big day for announcement about Windows ransomware attacks, a gang says it has used the Maze ransomware to attack the infrastructure of X-FAB, a foundry group based in Lubbock, Texas, that claims to be number one in the world for for analog/mixed-signal semiconductor applications. The company has already acknowledged the attack which was apparently carried out on 5 July.

The group behind the attack has released some data stolen from the company as zipped files. The company also has operations in China, the UK and Eastern Europe. The attack has led to a postponement of the second quarter results announcement from 30 July to 27 August. In 2019, X-FAB had revenue of US$506.4 million (A$723 million), a drop of 13.9% from the 2018 figure of US$587.9 million.

The X-FAB Group is organised under the umbrella of X-FAB Silicon Foundries, a holding company located in Tessenderlo, Belgium. Its Manufacturing sites are in Erfurt, Dresden and Itzehoe in Germany, Corbeil-Essonnes in France, Kuching and Sarawak in Malaysia and Lubbock.

The Texas KCBD news channel reported on Wednesday US time that production at the company's plant in Lubbock was stopped ion 5 July due to a ransomware attack on manufacturing and It systems.

KCBD referred to a statement released by X-FAB this week saying one of its manufacturing sites had resumed production on 13 July US time.

xfab2

 

A screenshot from the Maze ransomware site. Supplied

The channel said it had confirmed that the Lubbock site, which has been in business for two decades, was still closed.

The company has about 3800 employees worldwide, 200 of whom work in Lubbock.

X-FAB issued a statement on 7 July saying it had been the target of a cyber security attack. "On 5 July, 2020, X-FAB Group was the target of a cyber security attack. Following the advice of leading security experts engaged by X-FAB, all IT systems have been immediately halted. As an additional preventive measure, production at all six manufacturing sites has been stopped," the company said.

"X-FAB has promptly engaged with the relevant authorities to investigate the unprecedented incident. In addition, a team of internal and external security experts has been put in place to resolve the problem and to recover all systems.

"X-FAB also decided to immediately start the temporary fabrication facility shutdowns that were initially planned to take place later in the third quarter in the context of X-FAB's Covid-19 cost-saving initiative.

xfab ataglance

Courtesy X-FAB.

"At this stage, it cannot be estimated for how long and to which degree X-FAB's operations will be disrupted. It is also too early to assess if there will be any financial impact."

In an update issued on 13 July US time, the company said: "X-FAB Group, whose IT systems and production lines were stopped to prevent damage following the cyber attack on 5 July, resumed production at one of its manufacturing sites. All other sites will follow within a week's time frame from now.

"The majority of X-FAB's customers and business partners was notified of the event. X-FAB does not expect a major impact on its business. Most orders are foreseen to be executed within the third quarter, only some deliveries may have to be shifted to the fourth quarter after close alignment with the respective customers.

xfab key markets

Courtesy X-FAB.

"In response to the production stop after the cyber attack, X-FAB had pulled forward the two-week fab shutdowns initially planned to take place later in the third quarter as part of its COVID-19 cost-saving initiative. After a detailed check, X-FAB does not anticipate damage to the work in progress caused by the sudden stop of its production lines.

"Investigations, meanwhile, revealed that it was a ransomware attack. This type of attack is generally known for demanding a ransom for decryption of data as well as for misusing data.

"The financial impact of the cyber attack is not expected to be material. There will be an additional investment to improve IT security. Together with external cyber security experts, X-FAB worked out a strategy to gradually and safely resume all systems while making the company's IT infrastructure more robust and secure going forward.

"X-FAB's priority now is to resume production at all manufacturing sites. All other IT-related systems will follow. Under these circumstances, the publication of the second quarter results initially planned for 30 July will be postponed to 27 August 2020."

Comtacted for comment, iTWire's regular commentator on matters of this nature, Brett Callow, said: "The big game hunting groups seem to be hunting ever bigger game, with the number of successful attacks on large enterprises steadily increasing. This is not surprising."

Callow, who works as a ransomware threat researcher with New Zealand-headquartered Emsisoft, added: "Ransomware groups are better resourced than ever before and, consequently have more to invest in ramping up their operations in terms of both sophistication and scale. And, of course, the bigger victims, the bigger the ransoms which means the groups have even more to invest.

"The only way to break this vicious cycle of constant escalation is for companies to stop paying ransoms. If every company were to refuse to pay, ransomware would very quickly become a thing of the past."


Subscribe to Newsletter here

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

BACK TO HOME PAGE

ZOOM WEBINARS & ONLINE EVENTS

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Research & Case Studies

Channel News

Comments