Security Market Segment LS
Thursday, 16 July 2020 10:29

Texas foundry group X-FAB takes a hit from Maze ransomware Featured

Texas foundry group X-FAB takes a hit from Maze ransomware Image by InspiredImages from Pixabay

On what appears to be big day for announcement about Windows ransomware attacks, a gang says it has used the Maze ransomware to attack the infrastructure of X-FAB, a foundry group based in Lubbock, Texas, that claims to be number one in the world for for analog/mixed-signal semiconductor applications. The company has already acknowledged the attack which was apparently carried out on 5 July.

The group behind the attack has released some data stolen from the company as zipped files. The company also has operations in China, the UK and Eastern Europe. The attack has led to a postponement of the second quarter results announcement from 30 July to 27 August. In 2019, X-FAB had revenue of US$506.4 million (A$723 million), a drop of 13.9% from the 2018 figure of US$587.9 million.

The X-FAB Group is organised under the umbrella of X-FAB Silicon Foundries, a holding company located in Tessenderlo, Belgium. Its Manufacturing sites are in Erfurt, Dresden and Itzehoe in Germany, Corbeil-Essonnes in France, Kuching and Sarawak in Malaysia and Lubbock.

The Texas KCBD news channel reported on Wednesday US time that production at the company's plant in Lubbock was stopped ion 5 July due to a ransomware attack on manufacturing and It systems.

KCBD referred to a statement released by X-FAB this week saying one of its manufacturing sites had resumed production on 13 July US time.



A screenshot from the Maze ransomware site. Supplied

The channel said it had confirmed that the Lubbock site, which has been in business for two decades, was still closed.

The company has about 3800 employees worldwide, 200 of whom work in Lubbock.

X-FAB issued a statement on 7 July saying it had been the target of a cyber security attack. "On 5 July, 2020, X-FAB Group was the target of a cyber security attack. Following the advice of leading security experts engaged by X-FAB, all IT systems have been immediately halted. As an additional preventive measure, production at all six manufacturing sites has been stopped," the company said.

"X-FAB has promptly engaged with the relevant authorities to investigate the unprecedented incident. In addition, a team of internal and external security experts has been put in place to resolve the problem and to recover all systems.

"X-FAB also decided to immediately start the temporary fabrication facility shutdowns that were initially planned to take place later in the third quarter in the context of X-FAB's Covid-19 cost-saving initiative.

xfab ataglance

Courtesy X-FAB.

"At this stage, it cannot be estimated for how long and to which degree X-FAB's operations will be disrupted. It is also too early to assess if there will be any financial impact."

In an update issued on 13 July US time, the company said: "X-FAB Group, whose IT systems and production lines were stopped to prevent damage following the cyber attack on 5 July, resumed production at one of its manufacturing sites. All other sites will follow within a week's time frame from now.

"The majority of X-FAB's customers and business partners was notified of the event. X-FAB does not expect a major impact on its business. Most orders are foreseen to be executed within the third quarter, only some deliveries may have to be shifted to the fourth quarter after close alignment with the respective customers.

xfab key markets

Courtesy X-FAB.

"In response to the production stop after the cyber attack, X-FAB had pulled forward the two-week fab shutdowns initially planned to take place later in the third quarter as part of its COVID-19 cost-saving initiative. After a detailed check, X-FAB does not anticipate damage to the work in progress caused by the sudden stop of its production lines.

"Investigations, meanwhile, revealed that it was a ransomware attack. This type of attack is generally known for demanding a ransom for decryption of data as well as for misusing data.

"The financial impact of the cyber attack is not expected to be material. There will be an additional investment to improve IT security. Together with external cyber security experts, X-FAB worked out a strategy to gradually and safely resume all systems while making the company's IT infrastructure more robust and secure going forward.

"X-FAB's priority now is to resume production at all manufacturing sites. All other IT-related systems will follow. Under these circumstances, the publication of the second quarter results initially planned for 30 July will be postponed to 27 August 2020."

Comtacted for comment, iTWire's regular commentator on matters of this nature, Brett Callow, said: "The big game hunting groups seem to be hunting ever bigger game, with the number of successful attacks on large enterprises steadily increasing. This is not surprising."

Callow, who works as a ransomware threat researcher with New Zealand-headquartered Emsisoft, added: "Ransomware groups are better resourced than ever before and, consequently have more to invest in ramping up their operations in terms of both sophistication and scale. And, of course, the bigger victims, the bigger the ransoms which means the groups have even more to invest.

"The only way to break this vicious cycle of constant escalation is for companies to stop paying ransoms. If every company were to refuse to pay, ransomware would very quickly become a thing of the past."

Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.


WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News