Recent WannaCry Attack on Chip Manufacturer Expected to Cost $170 Million

A WannaCry ransomware attack has been reported by the Taiwan Semiconductor Manufacturing Co. The malware infection has crippled some of the company’s manufacturing plants which has halted chip production in some of the company’s factories.

The Taiwan Semiconductor Manufacturing Co. is the world’s largest chip manufacturer, supplying its products to Nvidia, AMD, Apple, Qualcomm and many other major manufacturers. The attack has had a significant impact on production and is expected to result in a 2% reduction in Q3 revenue and will cost the firm an estimated $170 million.

The attack was extensive as WannaCry has worm-like capabilities. Once installed on a device it is able to search the network for other vulnerable computers and propagate. However, in this case the malware infection did not encrypt any hard drives. Instead it crashed the company’s systems causing them to continually reboot.

WannaCry ransomware is believed to have been created by hackers in North Korea. The ransomware was released in May 2017 and infected approximately 300,000 devices in 150 countries before a kill switch was identified that stopped the ransomware from running. Security researcher Marcus Hutchins discovered the ransomware checks to determine if a specific domain is live. If it is, the ransomware doesn’t run. Hutchins purchased and hosted the domain and neutralized the attacks.

The fact that the Taiwan Semiconductor Manufacturing Co., experienced an extensive WannaCry attack suggests that the affected systems were not connected to the internet. Since the domain is still live, the malware would not have run.

An investigation into the attack confirmed this was not the work of a hacker. The company issued a statement saying, “data integrity and confidential information was not compromised.” The firm has accepted responsibility for the infection attributing it to negligence. The firm uses the Windows 7 operating system in its facilities and installed a new software tool without first checking it for malware. Had that check taken place, the infection would have been avoided.

WannaCry exploits a vulnerability in Windows server message block protocol. A patch to correct the vulnerability was issued by Microsoft in March 2017. If the patch is applied, companies are immune to WannaCry attacks. Taiwan Semiconductor Manufacturing Co., had failed to install the patch on certain systems.

“This virus infected fab tools and automated materials handling systems, as well as related computer systems, which used Windows 7 without patched software for their tool automation interface,” the company said in a statement about the attack. “It caused affected tools to become inoperable and rendered certain automated materials handling systems unable to function normally.”

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news