Tower to pay hundreds of thousands of dollars to hackers who paralyzed its manufacturing

Israel-based and Nasdaq-listed wireless chip and camera sensors manufacturer Tower Semiconductor Ltd. (TSEM) has fallen victim to a ransomware attack and is set to pay hundreds of thousands of dollars to hackers in order to release its servers, a person familiar with the matter who spoke on condition of anonymity told Calcalist.

Tower has an insurance policy against cyberattacks and the insurance company will cover the costs. Earlier this summer, it was revealed in Calcalist that Nasdaq and Tel Aviv-listed Israeli software company Sapiens was forced to pay a $250,000 ransom in Bitcoin to hackers that threatened to shut down its computers.

Unlike many companies who pay the ransom and do their best to keep the matter secret, Tower already reported the hack to the Israel Securities Authority on Sunday and said that as a precaution it shut down some of its servers and halted production in part of its manufacturing facilities. The payment of the ransom should allow the company to return production to full capacity almost immediately.

Tower, which is based out of Migdal HaEmek in the north of Israel, employs over 5,000 people. Russell Ellwanger is the company's CEO.

According to Israeli cybersecurity company, Skybox Security, in the first half of 2020 there was an increase of 72% in ransomware attacks compared to the first six months of 2019. The company is expecting that there will be reports of some 20,000 such attacks throughout 2020, with 9,000 already being reported this year.

The suspension of production lines is a painful blow for a chip company like Tower. As well as financial damage, the company has to also deal with blows to its image and manufacturing. The cost of shutting down production lines due to a ransomware attack could reach millions of dollars, depending on how long it lasts. For non-manufacturing companies, recovery from a ransomware attack is far simpler.

"We usually recommend not to pay the hackers," said Yossi Rachman, Cybereason’s head of security research. "We are assuming that in this case, the company has suffered damage that leaves it with no choice but to pay and that this is a case of risk management for it. Every minute in which the company is shut down is costing it more than the price of the ransom. Law enforcement authorities also don't recommend paying a ransom. If a company is properly prepared with periodic backups and subsidiary systems it doesn't need to pay a ransom."

According to Israel cybersecurity giant Check Point, there are two types of ransom attacks: general and focused. While general ransom attacks hurt one in every 25 companies in the world and usually cause local damage that doesn't affect production or operational capabilities, focused attacks are aimed at paralyzing a company's activity. Hackers often spend weeks orchestrating such an attack in order to infect as many computers as possible. These attacks are usually conducted over weekends when most employees are at home and are only discovered after serious damage has already been inflicted. The ransom request and lines of communication with the attackers usually show up on the screens of all the infected computers.

It still remains unclear how hackers breached Tower's defenses, but the move to the work-from-home model due to Covid-19 has presented a golden opportunity for attackers. Most security defense systems have adapted to this new working model, but there is no doubt that employees working from home are far more vulnerable than centralized computer systems located in company headquarters.

According to Shlomi Aviv, the Israel country manager for Dell Technologies subsidiary VMware Inc., since 2015, the number of ransomware attacks multiplied by 15 and since 2018 companies and private individuals paid out $1.8 billion to attackers,

Ransom attacks are usually activated by malicious code transferred via online chat or email. The victim clicks on the link and is transferred to a site from which the harmful code is infused to the host computer. Hackers are then able to take control of the user’s computer or network and prevent other people from using it. After their computers are taken over, its owner or administrator receives a message demanding ransom in return for freeing the computer or network from its cyber shackles. The ransom is often demanded in Bitcoin, which allows the hackers to remain anonymous. According to a report by cyber company Coveware, the hackers release the computers back to use after receiving the payment in 98% of cases. Coveware’s research further found that the average ransom request in 2019 was $40,000 and lasted for 12 days.