LockBit Ransomware Claims TSMC as Its Latest Victim, Demands $70M

• Taiwan Semiconductor Manufacturing Company (TSMC) confirmed on Friday that its IT hardware supplier Kinmax Technology was victimized in a data breach.
• The world’s biggest semiconductor fabricator said the breach didn’t affect customer information.
• The LockBit ransomware gang claims to have TSMC data and is threatening to leak all data unless TSMC pays $70 million.

A day after the LockBit ransomware gang publicly listed Taiwan Semiconductor Manufacturing Company (TSMC) as one of its victims on its leak site, the company confirmed a breach at one of its hardware suppliers.

TSMC told multiple publishers on Friday, June 30, that it ceased data exchange with Taiwan-based Kinmax Technology when it learned of the breach. Kinmax Technology detected the breach on Thursday, the same day LockBit listed TSMC on its leak site and demanded $70 million to delete the data it claims to have stolen securely.

Kinmax Technology said that an unnamed external group gained access to one of its test environments and subsequently fetched configuration files and other parameter information.

“TSMC has recently been aware that one of our IT hardware suppliers experienced a cybersecurity incident which led to the leak of information pertinent to server initial setup and configuration,” a TSMC spokesperson told BleepingComputer. “At TSMC, every hardware component undergoes a series of extensive checks and adjustments, including security configurations, before being installed into TSMC’s system.”

“Upon review, this incident has not affected TSMC’s business operations, nor did it compromise any TSMC’s customer information.”

LockBit Leak Site Post About TSMC

See More: Blackcat Ransomware Threatens To Leak 80GB Data Unless Reddit Withdraws Its New API Policy

Kinmax, which counts Cisco, NetApp, HPE, Microsoft, Red Hat, VMware, NVIDIA, Fortinet, and others as its partners, notes in its correspondence with TSMC (obtained by TechCrunch) that the leaked content consisted of system installation preparation for default configurations.

According to Equinix cyber threat intelligence researcher William Thomas, the LockBit ransom gang’s $70 million demand makes it the fourth-highest ransom ask to date.

Top 5 Highest Ransom Demands 📈

🔘 Hive: MediaMarkt – $240m
🔘 REvil: Acer – $100m
🔘 REvil: Kaseya – $70m
🔘 LockBit: TSMC – $70m 🆕
🔘 LockBit: Pendragon – $60m

Honourable mention:
🔘 EvilCorp: CNA Financial – $40m (Paid)

— Will (@BushidoToken) June 30, 2023Opens a new window

TSMC is the biggest contract semiconductor producer, responsible for almost 60% of the market share. On the other hand, LockBit is a Russia-based ransomware-as-a-service outfit, formerly known as ABCD ransomware, and began operations starting September 2019.

The group associated with Evil Corp has become one of the most prolific ransomware syndicates in 2023, developing five ransomware strains so far. DomainTools data indicates LockBit had targeted more than 300 victims as of spring 2023.

LockBit is responsible for 16% of the State, Local, Tribal, and Tribunal (SLTT) government ransomware incidents reported to the MS-ISAC in 2022. Since 2020, the group has carried out 1,700 attacks by June 2023, according to the FBI, netting $91 million in ransomware proceeds.

LockBit said TSMC has until August 6, 2023, to pay the ransom.

How can organizations thwart the LockBit threat? Share your thoughts with us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d love to hear from you!

Image source: Shutterstock

MORE ON RANSOMWARE/CYBER EXTORTION

• LockBit Apologizes for Ransomware Attack on Hospital, Releases Free Decryptor
• MOVEit Vulnerabilities: Clop Ransomware Gang Victims Keep Increasing
• How to Combat Rising Ransomware Attacks in the Public Sector