Semiconductor industry giant says ransomware attack on supplier will cost it $250 million

Multibillion-dollar corporation Applied Materials, which provides technology for the semiconductor industry, said during an earnings call this week that a ransomware attack on one of its suppliers would cost it $250 million in the next quarter.

The company did not say which supplier it was referencing, but several industry analysts said it was technology and engineering company MKS Instruments. MKS announced Monday that it was forced to reschedule its own fourth-quarter earnings call due to a ransomware attack that was discovered on February 3.

“Very recently, one of our major suppliers encountered a disruption that will impact our second-quarter shipments,” Applied Materials Chief Executive Officer Gary Dickerson said on a conference call Thursday.

In its earnings report release, Applied Materials said that for the second quarter of fiscal 2023, it expects net sales to be approximately $6.40 billion — including “ongoing supply chain challenges and a negative estimated impact of $250 million dollars related to a cybersecurity event recently announced by one of our suppliers.”

The company did not respond to requests for comment confirming that the supplier is MKS Instruments.

MKS Instruments said it is still in the “recovery phase” after allegedly containing the ransomware attack.

“MKS continues to work diligently to restore operations at affected facilities. The ransomware event has had a material impact in the first quarter on the Company’s ability to process orders, ship products and provide service to customers in the Company’s Vacuum Solutions and Photonics Solutions Divisions,” the company said.

MKS added that it is still unsure of the full scope of the costs and impacts related to the ransomware incident. The company is also still determining whether its cyber insurance will cover some of the costs related to the attack. The earnings call is now set for February 28.

“By postponing the timing of the release of financial results, the Company expects to be in a better position to address the financial impact of the ransomware event,” MKS explained.

No ransomware group had publicly taken credit for the attack on MKS as of Friday.

Supply chain worries

The attack on MKS highlights one fear several cybersecurity experts have expressed in recent years: As larger companies get better at securing their systems, attackers will target smaller, weaker links in the supply chain.

Monti Knode of cyberdefense company Horizon3.ai said more businesses like MKS are publicly acknowledging the tangible outcomes of cyberattacks.

Others, like Approov CEO Ted Miracco, told The Record that the semiconductor supply chain remains one of the most complicated and important segments of the global economy.

“As we witnessed last year, interruptions in the semiconductor market can have long term consequences that impact everything from automobiles to the price of food,” he said.

“These attacks on the semiconductor supply chain deserve a lot more attention than the latest balloon incidents.”