Security Market Segment LS
Thursday, 16 July 2020 10:29

Texas foundry group X-FAB takes a hit from Maze ransomware Featured

Texas foundry group X-FAB takes a hit from Maze ransomware Image by InspiredImages from Pixabay

On what appears to be big day for announcements about Windows ransomware attacks, a gang says it has used the Maze ransomware to attack the infrastructure of X-FAB, a foundry group based in Lubbock, Texas, that claims to be number one in the world for for analog/mixed-signal semiconductor applications. The company has already acknowledged the attack which was apparently carried out on 5 July.

The group behind the attack has released some data stolen from the company as zipped files. The company also has operations in China, the UK and Eastern Europe. The attack has led to a postponement of the second quarter results announcement from 30 July to 27 August. In 2019, X-FAB had revenue of US$506.4 million (A$723 million), a drop of 13.9% from the 2018 figure of US$587.9 million.

The X-FAB Group is organised under the umbrella of X-FAB Silicon Foundries, a holding company located in Tessenderlo, Belgium. Its Manufacturing sites are in Erfurt, Dresden and Itzehoe in Germany, Corbeil-Essonnes in France, Kuching and Sarawak in Malaysia and Lubbock.

The Texas KCBD news channel reported on Wednesday US time that production at the company's plant in Lubbock was stopped ion 5 July due to a ransomware attack on manufacturing and It systems.

KCBD referred to a statement released by X-FAB this week saying one of its manufacturing sites had resumed production on 13 July US time.


 A screenshot from the Maze ransomware site. Supplied

The channel said it had confirmed that the Lubbock site, which has been in business for two decades, was still closed.

The company has about 3800 employees worldwide, 200 of whom work in Lubbock.

X-FAB issued a statement on 7 July saying it had been the target of a cyber security attack. "On 5 July, 2020, X-FAB Group was the target of a cyber security attack. Following the advice of leading security experts engaged by X-FAB, all IT systems have been immediately halted. As an additional preventive measure, production at all six manufacturing sites has been stopped," the company said.

"X-FAB has promptly engaged with the relevant authorities to investigate the unprecedented incident. In addition, a team of internal and external security experts has been put in place to resolve the problem and to recover all systems.

"X-FAB also decided to immediately start the temporary fabrication facility shutdowns that were initially planned to take place later in the third quarter in the context of X-FAB's Covid-19 cost-saving initiative.

xfab ataglance

Courtesy X-FAB.

"At this stage, it cannot be estimated for how long and to which degree X-FAB's operations will be disrupted. It is also too early to assess if there will be any financial impact."

In an update issued on 13 July US time, the company said: "X-FAB Group, whose IT systems and production lines were stopped to prevent damage following the cyber attack on 5 July, resumed production at one of its manufacturing sites. All other sites will follow within a week's time frame from now.

"The majority of X-FAB's customers and business partners was notified of the event. X-FAB does not expect a major impact on its business. Most orders are foreseen to be executed within the third quarter, only some deliveries may have to be shifted to the fourth quarter after close alignment with the respective customers.

xfab key markets

Courtesy X-FAB.

"In response to the production stop after the cyber attack, X-FAB had pulled forward the two-week fab shutdowns initially planned to take place later in the third quarter as part of its COVID-19 cost-saving initiative. After a detailed check, X-FAB does not anticipate damage to the work in progress caused by the sudden stop of its production lines.

"Investigations, meanwhile, revealed that it was a ransomware attack. This type of attack is generally known for demanding a ransom for decryption of data as well as for misusing data.

"The financial impact of the cyber attack is not expected to be material. There will be an additional investment to improve IT security. Together with external cyber security experts, X-FAB worked out a strategy to gradually and safely resume all systems while making the company's IT infrastructure more robust and secure going forward.

"X-FAB's priority now is to resume production at all manufacturing sites. All other IT-related systems will follow. Under these circumstances, the publication of the second quarter results initially planned for 30 July will be postponed to 27 August 2020."

Comtacted for comment, iTWire's regular commentator on matters of this nature, Brett Callow, said: "The big game hunting groups seem to be hunting ever bigger game, with the number of successful attacks on large enterprises steadily increasing. This is not surprising."

Callow, who works as a ransomware threat researcher with New Zealand-headquartered Emsisoft, added: "Ransomware groups are better resourced than ever before and, consequently have more to invest in ramping up their operations in terms of both sophistication and scale. And, of course, the bigger victims, the bigger the ransoms which means the groups have even more to invest.

"The only way to break this vicious cycle of constant escalation is for companies to stop paying ransoms. If every company were to refuse to pay, ransomware would very quickly become a thing of the past."

Read 4665 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News