go.mks.com
52.54.96.194  Public Scan

Submitted URL: https://www.mks.com/Incident
Effective URL: https://go.mks.com/incident
Submission: On March 07 via manual from MY — Scanned from DE

Text Content

MKS INSTRUMENTS

Update Regarding Ransomware Event

MKS Instruments (including our brands Newport, Ophir, Spectra-Physics and ESI),
recently experienced a ransomware event affecting some of our systems. We took
immediate action, consistent with our established protocols, to fully contain
the issue. We have initiated an ongoing investigation, alongside outside
experts, and have reported the issue to law enforcement.

Unfortunately, our rapid containment efforts necessitated taking certain systems
offline and, out of an abundance of caution, we have temporarily suspended
operations at certain MKS facilities. Our Office 365 systems were not affected
by the incident, so communications with MKS via email or Teams do not pose any
risks. We have been in communication with our customers, suppliers and other
stakeholders, and apologize for the temporary inconvenience this causes. We are
working diligently to complete our investigation and restore our systems in a
secure manner as quickly as possible.

FAQ:

This page is current as of 3/6/2023 at 8:00 AM (US Eastern Standard Time).

1. What happened?

 * MKS Instruments (including our brands Newport, Ophir, Spectra-Physics and
   ESI) recently experienced a ransomware event affecting some of our systems.
 * MKS Instruments took immediate action upon detecting the incident to fully
   contain it.
 * Our investigation into this matter is ongoing, and we will communicate any
   relevant findings as we know more via the web page www.mks.com/incident.

2. Which operations are affected?

 * The incident affected operations at the Company’s Vacuum Solutions and
   Photonics Solutions Divisions, including our ability to process orders and
   ship products.
 * The incident has not impacted operations at our Materials Solutions Division.

3. When did the event occur?

 * We became aware of the event on February 3, 2023.

4. What steps have you taken so far?

 * On February 3, 2023, we took immediate action to activate our instant
   response and business continuity protocols to contain the incident.
 * Specifically, once we observed the threat, we immediately followed protocols
   to power down local devices, data closets, data rooms and data servers
   worldwide. We also took measures to sever the network connection between all
   of the endpoints in our sites and our global network. In addition, we have
   notified the appropriate authorities and engaged leading cybersecurity and
   forensic experts to assist us with responding to the incident.
 * While the company is continuing its investigation of the incident, it has
   initiated the recovery phase.

5. Are you working with outside experts? What is the scope of their
investigation?

 * We have engaged leading experts in cybersecurity and forensics to assist with
   our efforts in investigating and responding to the ransomware incident. These
   experts working with our internal team have been conducting ongoing analyses
   of the ransomware, systems impacted, and the means to enhance the security of
   the affected systems.

6. Is it safe to open emails from MKS or to communicate with them via Teams?

 * Yes. Our Office365 systems were not affected by the incident, so
   communications with MKS via email or Teams do not pose any risks.

7. How do you know that email and Teams communication is safe?

 * Based upon our forensic review, we are confident that our Microsoft Office
   365 applications, including email and Teams, were not affected by the
   ransomware event and are safe to use. This conclusion is based on a
   post-attack investigation by our outside forensic experts and cybersecurity
   engineers, which included an analysis of audit logs for our Microsoft
   Office365 environment. The forensic experts confirmed that the threat actor
   did not attempt to access Office365 either before or during the attack
   against MKS. In addition, forensic analysis of machines on the MKS network
   revealed no findings indicating the threat actor attempted to access, or
   accessed, Office365 accounts. We utilize multi-factor authentication and
   executed a global password reset to mitigate the possible loss of
   credentials. All inbound and outbound email content is scanned with
   Proofpoint email gateway filtering software for malicious attachments.

8. Do you have an expected timeline for restoration of services?

 * We are well into the recovery phase and we have initiated manufacturing and
   service operations and the restoration of our business systems. We expect
   these operations will be recovered over the coming weeks, including
   manufacturing, shipping, field service and depot repair, and providing ship
   dates and PO acknowledgements. Our main focus is on ramping up our production
   to meet the needs of our customers.
 * In addition, our www.mks.com, www.newport.com and www.spectra-physics.com
   websites are now available. Limited eCommerce is available, and full
   functionality will be available during this week.

9. Have you prioritized the order in which services will be restored?

 * Yes, the first priority is the restoration of the following, with the
   necessary network and infrastructure as pre-requisites:
   - ERP systems
   - Endpoints within our production facilities
   - MKS public website

10. What steps have you taken to enhance the security of your IT infrastructure?

 * With guidance from our third-party partners, we took a number of steps to
   enhance the security of our infrastructure.

11. How will you keep us informed about the incident going forward?

 * As our IT team is focused on restoring the functionality of our systems, we
   will be providing updates at www.mks.com/incident.

12. How can I submit a question?

 * We have established a dedicated email address for incident-related questions
   at incidentquestions@MKSinst.com.

© 2023 MKS Instruments
2 Tech Drive, Suite 201, Andover, Massachusetts 01810, USA