Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware

Summary

Semiconductor services firm Trio-Tech reported that its Singapore subsidiary fell victim to a ransomware attack on March 11, with attackers encrypting files and exfiltrating data. The company initially deemed the incident non-material, but after the Gunra ransomware group published stolen data on its leak site, management reclassified it as a material cybersecurity event. The subsidiary has activated incident response protocols, engaged third-party cybersecurity professionals, notified law enforcement, and is working with cyber insurance providers on remediation and claims.

Full text

Semiconductor services firm Trio-Tech says one of its subsidiaries in Singapore fell victim to a ransomware attack. The incident, the company said in a filing with the Securities and Exchange Commission, occurred on March 11 and resulted in the encryption of certain files within its network. The subsidiary, it told the SEC, immediately activated response protocols, proactively taking its systems offline to contain the incident. Additionally, the subsidiary launched an investigation into the attack with help from third-party cybersecurity professionals and notified law enforcement. “The subsidiary is taking steps to contain the incident, restore affected systems, and enhance monitoring across its network environment. The subsidiary is in the process of notifying affected parties as required by applicable law,” the company said. Initially, Trio-Tech says, the incident was not considered to have a material impact, but the attackers published certain data stolen from its network, and “management concluded that the incident may constitute a material cybersecurity event.”Advertisement. Scroll to continue reading. The company says its investigation into the incident is ongoing and that it has yet to determine the full scope of the potentially affected data. “The subsidiary is also working closely with its cyber insurance provider to support the investigation, remediation, and potential claims process,” Trio-Tech said. The company has not shared details on the threat actor responsible for the attack, but the Gunra ransomware group added Trio-Tech to its Tor-based leak site. SecurityWeek has emailed Trio-Tech for additional information on the attackers’ claims and will update this article if the company responds. California-based Trio-Tech International provides semiconductor back-end solutions (SBS), including manufacturing, testing, and distribution services, as well as industrial electronic equipment. The company has offices in the US, China, Malaysia, Singapore, and Thailand. Related: Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks Related: Russian Ransomware Operator Pleads Guilty in US Related: Mississippi Hospital System Closes All Clinics After Ransomware Attack Related: BeyondTrust Vulnerability Exploited in Ransomware Attacks Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Navia Data Breach Impacts 2.7 MillionThousands of Magento Sites Hit in Ongoing Defacement CampaignAllure Security Raises $17 Million for Online Brand ProtectionCritical Langflow Vulnerability Exploited Hours After Public DisclosureOasis Security Raises $120 Million for Agentic Access Management1stProtect Emerges From Stealth With $20 Million in FundingCritical ScreenConnect Vulnerability Exposes Machine KeysSecurity Firm Aura Discloses Data Breach Impacting 900,000 Records Latest News Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain AttackQNAP Patches Four Vulnerabilities Exploited at Pwn2Own Tycoon 2FA Fully Operational Despite Law Enforcement TakedownOracle Releases Emergency Patch for Critical Identity Manager VulnerabilityCritical Quest KACE Vulnerability Potentially Exploited in AttacksIn Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to ChinaEclypsium Raises $25 Million for Device Supply Chain Security Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the MoveBrian Harrell has been appointed Chief Security Officer at FirstEnergy.eSentire has named James C. Foster as Chief Executive Officer.Green Impact Exchange has appointed John Visneski as Chief Information Security Officer.More People On The MoveExpert Insights The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How to 10x Your Vulnerability Management Program in the Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose a Critical Flaw in Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

• malware — Gunra ransomware