Disruption from a ransomware attack on a little-known supplier to the world’s largest semiconductor equipment manufacturers will continue into March, in a new setback to chip production after years of coronavirus-related delays.
US-based MKS Instruments told investors and suppliers this week that it had yet to fully recover from a “ransomware event”, first identified on February 3, in an attack that has strained supply chains for the global chip industry.
“We’ve begun starting up the affected manufacturing and service operations,” MKS chief executive John Lee said in a call with analysts and investors on Tuesday.
MKS’s customers include many of the largest companies that produce semiconductors and the specialised equipment necessary to manufacture them, including TSMC, Intel, Samsung and ASML.
The company had revealed on Monday that it could still take “weeks” more to restore operations and would cost hundreds of millions of dollars in lost or delayed sales. Most ransomware victims are able to recover in about three weeks, according to industry estimates.
The attack affected “production-related systems” as well as critical business software, MKS said earlier this month, forcing it to suspend operations at some of its facilities. The Massachusetts-based company makes lasers, vacuum systems and other specialised equipment vital to chip manufacturing.
Lee has said the attack “materially impacted” its systems, including its ability to process orders and ship products in its two largest divisions, photonics and vacuum.
After delaying publication of its latest financial results, which were released on Monday, the company has now told the US stock market regulator that it is unable to file its annual report on time. Missing the extended deadline could result in a fine.
Its forecast of “at least” a $200mn hit to its current quarter’s revenues is about a fifth of the $1bn in sales that it had forecast before the attack. Analysts at Cowen, a broker, estimate the final impact on quarterly sales could total as much as $500mn — more than half what Wall Street had previously predicted.
“The full scope of the costs and related impacts of the incident has not yet been determined,” MKS said, though it hoped to “substantially recover” the lost revenue by the end of the second quarter.
The company’s most recent annual report lists Applied Materials and Lam Research as its two largest customers, accounting for more than a quarter of its net revenues in 2021.
Applied Materials, the chip equipment manufacturer, warned earlier this month that it faced a potential $250mn shortfall to its current quarter’s revenues due to a “cyber security event recently announced by one of our suppliers”, widely believed to be MKS. Lam Research did not respond to requests for comment on any impact on its business.
Another semiconductor industry supplier, Ultra Clean Holdings, has also blamed a cyber attack on an unnamed supplier — which analysts believe is MKS — for an anticipated $30mn hit to its quarterly revenues.
Many of MKS’s products are highly specialised parts or tools in the early part of the chip manufacturing supply chain. These include components that become part of machines then purchased by chip manufacturers, said Joe Quatrochi, a director of equity research at Wells Fargo, such as lasers that burn holes into circuit boards, gauges and power supply parts.
The semiconductor supply chain, which in many places relies on components made by only one provider, has faced repeated shortages over the past two to three years due to production and logistics delays.
However, demand for smartphones and other consumer electronics has waned in recent months as coronavirus lockdowns eased and consumer spending has been squeezed by inflation. That has caused shortages of some components to swing suddenly to a glut, in what has always been a highly cyclical industry.
MKS customers were hoping that the delays were a short-term “air pocket” from which it would recover soon, said Quatrochi.
But since it falls within the broad definition of critical national infrastructure, it is unclear if MKS will be encouraged by US law enforcement to resolve the issue by paying a ransom. There are few technical solutions to ransomware, and a company that does not pay the ransom can spend months rebuilding its systems.
MKS said it was working to assess “the effectiveness of internal control over financial reporting, in particular with respect to the ransomware event”, which had left it unable to access its business planning systems.
Shares in MKS fell by about 15 per cent between February 3, the last day of Nasdaq trading before the company first disclosed the attack, and Monday night’s results release. The stock was about 5 per cent higher in early trading on Tuesday morning following Lee’s comments to analysts.