LockBit Hits Semiconductor Giant TSMC with $70 Million Ransom Demand

Date: July 5, 2023

The world’s biggest computer chip maker, Taiwan Semiconductor Manufacturing Company (TSMC), fell victim to the LockBit ransomware gang, reporting that data was exfiltrated but that operations were not disrupted.

“The Russia-linked LockBit ransomware gang listed TSMC on its dark web leak site on Thursday,” TechCrunch reports.

“The gang is threatening to publish data stolen from the company, which commands 60% of the global foundry market, unless the company pays a $70 million ransom demand. This is one of the largest known ransom demands in history...”

Takeaway: Ransomware is a multi-billion-dollar business that rivals and even exceeds many legitimate market segments.  

We have witnessed ransomware attacks evolve from nuisance attacks with little impact on business operations and minimal ransom demands to become one of the biggest threats to businesses and our critical infrastructure with ransom demands now well into the tens of millions.  

There really is no limit to the disruptive power and financial impact of ransomware attacks. New RaaS groups are emerging all the time, and they are introducing new tactics, techniques, and procedures, including automation of aspects of the attacks - such as exploiting vulnerable software like MOVEit and GoAnywhere - and custom tooling for more efficient data exfiltration.

They have also been expanding their addressable target range by introducing Linux versions, which put the most critical of systems at risk, and at least one group has now developed a macOS version.

It likely won't be long before the $70M ransom demand record is exceeded - the only constraint being a targeted organization's ability to pay. If all or a good portion of the demand is paid to the attackers, it will certainly incentivize the RaaS groups and their affiliates to continue advancing their attacks.

Initial analysis of attack trends in the first half of 2023 shows that we are on pace to smash records for the volume of attacks, so it won't be a surprise to see other measures exceed previous levels, including ransom demand amounts.

Authorities are sufficiently motivated to address the growing ransomware problem, but as with any emerging threat, it takes time to determine what tactics will be effective and what actions will be legal under international law, and then to establish the channels for collaboration with our international partners to stand up an effective strategy to address ransomware attacks.

Thwarting attackers is extremely difficult - first there is the attribution issue. Attack infrastructure used by ransomware operators may include public cloud providers or compromised networks of otherwise uninvolved entities, obfuscating who the actual culprits are.  

As well, many of these threat actors operate out of nations like Russia and other former Soviet bloc nations where they have no fear of reprisal as long as they don't interfere with the objective of their nation-state hosts.  

In fact, there is plenty of evidence that many of these attack groups are also directly controlled or deeply influenced by Russia and Russia-aligned nations.

This complicates the task of pursuing the attackers and bringing them to justice, as well as creating the potential that a cybercrime incident could rise to the level of warfare, which would trigger an entirely different set of laws and rules of engagement while raising the potential geopolitical stakes significantly.

While law enforcement actions are commendable, the only way we can end these operations is to make ransomware attacks unprofitable, and unfortunately, we are far from achieving this goal.  

Resilience planning can go a long way toward achieving this, though, where organizations have the capabilities in place to detect attacks earlier, to prevent the exfiltration of sensitive data that can be leveraged for extortion, and to ensure they can quickly mitigate the attack and return to normal without a major disruption to operations or the need to pay the attacker's ransom demands.

These are achievable goals, but they require a willingness on the part of the organization to make the required investments in their security and business continuity posture, and then to stress test these policies and procedures regularly through tabletop exercises that simulate a successful ransomware attack.

Preparation is critical here if we want to counter this scourge of attacks.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.