MathWorks experienced a significant ransomware attack. This attack began on Sunday, May 18, 2025. The company is known for MATLAB and Simulink. Both customer-facing and internal IT systems were affected. MathWorks immediately notified federal law enforcement. Cybersecurity experts were also quickly mobilized for assistance. By May 27, many services had been restored. However, some services still remain degraded or offline. MathWorks, with over 6,500 employees, serves millions. Over five million customers use their software products globally.
The ransomware assault targeted critical IT infrastructure. This resulted in several online applications becoming unavailable.
Key internal systems also went down during the incident. Ransomware is malware that encrypts files for ransom. Attackers often exploit network vulnerabilities or use phishing. Multiple applications were impacted starting May 18th. Importantly, Single Sign-On and Multi-Factor Authentication were restored. This occurred on May 21st, resolving many sign-on problems. Gradual restoration continued from May 23rd to May 27th. Services like MATLAB Online and MATLAB Mobile came back. However, software downloads were still offline as of May 27th.
MathWorks has focused on restoring widely used services first.
MATLAB Answers and Cloud Center are now operational. MATLAB Grader, Cody, and ThingSpeak are also restored. These are primarily available for existing users. The File Exchange service is working but in a degraded state. Features like file viewing and GitHub sync remain disabled. The MathWorks Account system is also experiencing service degradation. This prevents new account creation at times. It also causes intermittent issues with two-step verification. Users needing to install or update software face problems. Those not signed in since October 11, 2024, may struggle to log in.
This incident underscores the persistent risk of ransomware. The software industry continually faces such cyber threats. MathWorks’ swift actions helped mitigate further potential damage. However, the event highlights the need for strong security. Key risk factors include phishing and unpatched software. Weak authentication and inadequate backups are also critical. MathWorks has not yet named the ransomware group involved. It is also unknown if any customer data was stolen. No ransomware gang has publicly claimed this breach. This could suggest MathWorks paid the ransom. Alternatively, negotiations might still be in progress with attackers.
Reference:
