MKS Instruments falls victim to ransomware attack

Semiconductor equipment maker MKS Instruments is investigating a ransomware event that occurred on February 3 and impacted its production-related systems, the company said in a filing with the US Security and Exchange Commission.

MKS Instruments is an Andover, Massachusetts-based provider of subsystems for semiconductor manufacturing, wafer level packaging, package substrate and printed circuit boards.

An email sent to MKS Instruments seeking more information about the attack remained unanswered, while the company’s website continued to be inaccessible at the time of writing, with a error notification that read, “Unfortunately, www.mks.com is experiencing an unscheduled outage. Please check back again at a later time.” 

“On February 3, 2023, MKS Instruments identified that it had become subject to a ransomware event and took immediate action to activate its incident response and business continuity protocols to contain the incident,” Kathleen F Burke, senior vice president, general counsel and secretary at MKS Instruments, said in the SEC filing. 

The company said it has notified law enforcement authorities while it investigates and assesses the impact of the incident by engaging “appropriate incident response professionals.”

“The incident has affected certain business systems, including production-related systems, and as part of the containment effort, the company has elected to temporarily suspend operations at certain of its facilities,” Burke said. 

The company said it is working to restore its systems and impacted operations as quickly as possible. “The full scope of the costs and related impacts of this incident, including the extent to which the company’s cybersecurity insurance may offset some of these costs, has not been determined,” Burke said. 

Ransomware attacks on the rise

MKS reported the ransomware incident just a day after national cybersecurity agencies and security experts around the world warned about a global ransomware attack that hit thousands of servers running on VMware ESxi. 

National cybersecurity agencies and organizations in the US, France and Singapore have issued alerts about the attack. Servers have been compromised in France, Germany, Finland, the US and Canada. More than 3,200 servers have been compromised globally so far by the ransomware attack, according to cybersecurity firm Censys. 

In January, there were 33 publicly disclosed ransomware attacks, the highest number of attacks ever recorded for January, according to cybersecurity firm Blackfog. About 438% of ransomware attacks are not publicly disclosed to avoid regulatory penalties, reputation damage and class action lawsuits, the firm noted.

Cybersecurity insurance firm Coalition on the other hand has predicted that there will be 1,900 average monthly critical Common Vulnerabilities and Exposures (CVEs) in 2023, a 13% increase over 2022. The 1,900 CVEs would include 270 high-severity and 155 critical-severity vulnerabilities. The number of vulnerabilities is expected to rise further. Some of these vulnerabilities can possibly be used for ransomware attacks.

READ MORE HERE