Taiwan Semiconductor Manufacturing Company (TSMC) has reverted to normal operations after a “mutation” of the WannaCryptor (aka WannaCry) malware forced the closure of several of its fabrications plants over the weekend, according to a BBC report.
The company – which is one of the world's largest semiconductor manufacturers and supplies its wares to Apple, AMD, Nvidia, and other big names – has since shed some light on the magnitude of the outbreak, as well as on how it all came about.
In a statement on Sunday, TSMC said that the compromise "occurred due to misoperation during the software installation process for a new tool, which caused a virus to spread once the tool was connected to the Company’s computer network”.
Bloomberg and ZDNet quoted TSMC sources as saying that an identified supplier had installed a software tool tainted with a WannaCryptor variant on TSMC’s computer systems without first running a scan. Once the software was connected to TSMC’s network, the malware spread and hit unpatched Windows 7 systems and fabrication tools in three plants that produce chips for iPhones and several other Apple devices. Both TSMC and Apple declined to discuss the implications for the latter company, however.
"We are surprised and shocked,” said Chief Executive Officer C. C. Wei. “We have installed tens of thousands of tools before, and this is the first time this happened.” Meanwhile, he gave assurances on Monday that it wasn’t the result of a targeted cyberattack.
The company also said that “data integrity and confidential information was not compromised” and that it has moved to close the security hole and enhance security precautions in general.
The chipmaker is bracing itself for a 3-percent revenue hit in the third quarter of this year due to “shipment delays and additional costs”. It is confident, however, that “shipments delayed in third quarter will be recovered in the fourth quarter 2018”.
In case you need to refresh your memory about how WannaCryptor gained infamy in May 2017, head over to any of our pieces we’ve written on the outbreak.
To be sure, that wasn’t the last the world heard of WannaCryptor, as the ransomworm was said to hit one of Boeing’s production facilities in March of this year, although the aircraft manufacturer is thought not to have sustained major damage.