Tower Semiconductor Ltd, an Israeli company that manufactures camera sensors and wireless chips, has paid out hundreds of thousands in dollars to cybercriminals following a ransomware assault, reports Calcalist.

Outlining a ransom attack to regulators

Headed by CEO Russell Ellwanger, Tower currently employs a workforce of 5,000 and is based in northern Israel’s Migdal HaEmek. Unlike other enterprises struck by ransomware attacks that decide to pay, it did not attempt to keep the incident or its actions a secret.

The tech-firm promptly informed the Israel Securities Authority of the attack and notified them that it had shut down a selection of its servers and paused production in areas potentially impacted, as a precautionary measure.

With dedicated protection against ransomware in place, Tower’s insurance company will pay the hacker’s requested ransom, so they will relinquish their paralysing grip on the firm’s servers. It is believed that this payment will result in a return to full operation.

Extensive damage to industrial enterprises

A halt in the manufacturing process can result in a severe financial blow to a mass-production enterprise like Tower, operating in the industrial sector. In terms of economic damage, shutting down assembly lines as a result of ransomware can lead to losses that reach seven figures in dollars, depending on the duration for which production must be paused. On top of this, like all company’s hit by ransomware, there are additional costs from forensic investigations and newly employed security measures as well as damage to public reputation.

Head of research and security for Cybereason, Yossi Ranchman commented on the attack and the decision to pay the ransom:

“We usually recommend not to pay the hackers. We are assuming that in this case, the company has suffered damage that leaves it with no choice but to pay and that this is a case of risk management for it. Every minute in which the company is shut down is costing it more than the price of the ransom. Law enforcement authorities also don’t recommend paying a ransom. If a company is properly prepared with periodic backups and subsidiary systems, it doesn’t need to pay a ransom.”

How the ransomware operators breached the chip producer’s defences has not been identified, but the recent shift to remote working around the world has presented new vulnerabilities for hackers to exploit. While many security systems have begun to adapt, staff working outside of safe perimeters has ultimately created new options for opportunistic operators seeking to hit companies where it hurts.

Typically deployed using emails or chat messages, ransomware is hidden in links and recipients are fooled into activating and downloading the malicious code. Information that is crucial to business processes, or confidential in nature, is then locked or stolen by hackers, who will only release it on receipt of a requested ransom.

According to experts at Israel-based cybersecurity firm Skybox Security, the first six months of 2020 has seen an increase in ransomware attacks in Israel of 72% in comparison to 2019’s first half. To date, the firm has logged 9,000 ransomware attacks and expects a total of around 20,000 for 2020.