Major electronics firm Data I/O, that works with customers like Amazon, Apple, Google, along with Microsoft, revealed to federal agencies that it had been compromised via ransomware on August 16 and that the infection is still interfering with its business operations.
Yesterday, in a Form 8-K that was submitted to the US Securities and Exchange Commission, the manufacturer claimed that:
“The Company is working diligently to restore the affected systems.”
The attack involving ransomware “temporarily impacted the Company’s operations, including internal/external communications, shipping, receiving, manufacturing production, and various other support functions”. Furthermore, Data I/O alleges that even though some of its operations were successfully reinstated, others continue to be not operational because they have no expected duration of restoration. There is an investigation going on.
When The Register asked the company about the breach, including whether or whether customers’ data was stolen during the intrusion, the company did not immediately reply. At this moment, Data I/O had not been mentioned on any data leak portals, and also none of the standard suspects had claimed responsibility for the ransomware attack.
The SEC filing asserts that shortly after encountering of the ransomware, Data I/O “promptly activated its response protocols, took steps to secure its global IT systems and implemented containment measures, including proactively taking certain platforms offline and implementing other mitigation measures.” The ransomware had locked down some of the company’s internal IT systems.
The business added that it had engaged cybersecurity specialists to help with its recovery and look into the ransomware attack. Data I/O’s clients include significant automotive and industrial companies in addition to IT enterprises.
It was stated on the website of the company that:
“Leading global automotive companies trust Data I/O’s systems to correctly program engine instrument clusters, control units, and braking systems. Top industrial controls and internet-of-things manufacturers use Data I/O’s solutions to embed firmware and secrets into their products to ensure they are secured and boot-up during manufacturing.”
In simpler terms, extortionists that aims to steal classified data and then ask for an enormous ransomware fee in exchange for its return are especially intrigued in Data I/O. In addition, they also threaten to make classified data public.
The most recent year-in-review report from operational IT security company Dragos states that ransomware increased 87 percent year over year among industrial enterprises last year, resulting in 1,693 attacks in 2024. Of them, 25% required a complete shutdown, while 75% caused some sort of operational disruption.
This is consistent with the FBI Internet Crime Complaint Center’s (IC3) same conclusion that ransomware was the largest danger to critical infrastructure firms in 2024, as evidenced by the IC3 receiving 9% more complaints than the year before.
In 2024, this industry reported over 4,900 cybersecurity attacks overall, with ransomware accounting for the highest (1,403 reports). Akira, LockBit, RansomHub, Fog, and PLAY were the five ransomware versions that were most frequently reported.
