Ransomware attack disrupts MathWorks services, investigation ongoing

MathWorks, the Massachusetts-based software company renowned for developing MATLAB and Simulink, has confirmed that a ransomware attack is behind a recent and ongoing service outage affecting its systems and customer-facing applications.

In an incident report published on its official status page, MathWorks disclosed that the ransomware attack struck its IT infrastructure on Sunday, May 18. The breach resulted in significant disruptions, rendering multiple online services and internal systems temporarily inaccessible.

"MathWorks experienced a ransomware attack. We have notified federal law enforcement of this matter. The attack affected our IT systems," the company stated. Among the affected services are the cloud center, file exchange, license center, and MathWorks store—platforms widely used by the company’s extensive global user base.

Headquartered in Natick, Massachusetts, MathWorks was founded in 1984 and employs more than 6,500 people across 34 offices worldwide. Its flagship products, MATLAB and Simulink, are critical tools in engineering, scientific research, and industrial applications, used by over 100,000 organizations and more than 5 million customers.

Although some services have since been restored—including multi-factor authentication and single sign-on access as of May 21—issues persist. Users continue to report problems with account creation, and some customers who have not logged in since October 11, 2024, remain unable to access their accounts.

MathWorks has not disclosed whether any customer or corporate data was exfiltrated during the breach. Additionally, the identity of the ransomware group responsible has not been confirmed. No known ransomware gang has publicly claimed responsibility, a detail that raises the possibility that MathWorks may be in negotiations with the attackers or has potentially met ransom demands in private.

At this stage, it remains unclear how the attackers gained access to MathWorks’ systems or what specific vulnerabilities were exploited. The company has not responded to further media inquiries, including from BleepingComputer, regarding the nature and scope of the attack.