iPhone chipmaker blames ransomware for factory shutdowns

After a weekend in which it had to shut down several factories making iPhone chips, Taiwan chipmaker TSMC is back up and running and pinning the blame on a network virus infection – specifically, one inflicted by a WannaCry ransomware variant.

On Sunday, the Taiwan Semiconductor Manufacturing Company put out a statement saying that it had recovered about 80% of its affected tools after the variant hit production facilities over the weekend.

According to Bloomberg, the chipmaker said on Monday that full operations had been restored.

TSMC traced the virus infection to a supplier having installed tainted software without having first scanned it. When the virus hit, it spread quickly, affecting production at semiconductor plants in Tainan, Hsinchu and Taichung.

Nehal Chokshi, an analyst with Maxim Group LLC, told Bloomberg that the incident won’t cause any major delays. It would have been much worse if the production line was affected between raw wafer and finished chips, but it wasn’t. So in this case, the only delay for Apple to get its chips will be the number of days the factories were gummed up: that’s about three days, Chokshi said.

Whether Apple is going to feel the same way about its chip supplier is another matter. As Bloomberg put it, this is a black eye for TSMC, which isn’t giving up details about where the WannaCry variant originated, nor how it got past the company’s security protocols. Patches for the vulnerability that the original WannaCry relied upon to spread have been available for well over a year.

CEO C. C. Wei says that there was no hacker involved. Rather, the malware came from an infected production tool – or, as the company said in the statement on Sunday, “misoperation during the software installation process for a new tool, which caused a virus to spread once the tool was connected to the Company’s computer network” – and that the company’s overhauling its security procedures as a result.

We are surprised and shocked. We have installed tens of thousands of tools before, and this is the first time this happened.

WannaCry attacks gripped many large organizations during its first appearance last May. The reappearance of a variant shouldn’t be a surprise, though: the dreaded ransomware never actually went away.

One of the more recent appearances was when it hit Boeing in March.

We don’t know the particulars about the WannaCry variant that hit TSMC or how it may have been modified, but the global WannaCry outbreak, and the NotPetya outbreak that followed shortly after, were powerful demonstrations of what can happen when enough organisations aren’t on top of their security updates.

Patch early, patch often!