Article Details

Short circuit: Electronics supplier to tech giants suffers ransomware shutdown. Amazon, Apple, Google, and Microsoft among major customers. Data I/O, a major electronics manufacturer whose customers include Amazon, Apple, Google, and Microsoft, notified federal regulators that it fell victim to a ransomware infection on August 16 that continues to disrupt its business operations. "The Company is working diligently to restore the affected systems," the manufacturer said in a Form 8-K filed with the US Securities and Exchange Commission yesterday.  The ransomware attack "temporarily impacted the Company's operations, including internal/external communications, shipping, receiving, manufacturing production, and various other support functions," it continued. Data I/O also claims that, while it has restored some of its functions, others remain offline, with no timetable for a fix. An investigation is ongoing. The company did not immediately respond to The Register's inquiries about the breach, including if criminals stole customers' data during the intrusion. At press time, none of the usual suspects had claimed responsibility for the ransomware attack and Data I/O has not been listed on any data leak sites. According to the SEC filing, the ransomware locked up some of the company's internal IT systems, and upon discovering the malware, Data I/O "promptly activated its response protocols, took steps to secure its global IT systems and implemented containment measures, including proactively taking certain platforms offline and implementing other mitigation measures." The company also said it hired cybersecurity experts to support its recovery process and conduct an investigation into the ransomware attack. In addition to technology firms, Data I/O counts major automotive and industrial companies as its customers. "Leading global automotive companies trust Data I/O's systems to correctly program engine instrument clusters, control units, and braking systems," the company's website states. "Top industrial controls and internet-of-things manufacturers use Data I/O's solutions to embed firmware and secrets into their products to ensure they are secured and boot-up during manufacturing." In other words, Data I/O is a very attractive target for extortionists looking to steal sensitive data and demand a hefty ransomware for its return, while also threatening to leak secrets. According to operational tech security shop Dragos' most recent year-in-review report, ransomware skyrocketed among industrial organizations last year, increasing 87 percent year-on-year for a total of 1,693 infections in 2024. Of these, 25 percent involved a full shutdown while 75 percent disrupted operations to some degree. This echoes a similar finding by the FBI Internet Crime Complaint Center (IC3), which reported that ransomware posed the biggest threat to critical infrastructure organizations in 2024, with the number of complaints to the IC3 increasing nine percent compared to the previous year. In total, this sector reported almost 4,900 cybersecurity threats in 2024, with ransomware (1,403 complaints) topping the list. The five most reported ransomware variants were Akira, LockBit, RansomHub, Fog, and PLAY.