Foxconn suffers ransomware attack; hackers demand $34 million ransom

Foxconn, a major electronics company, has confirmed a ransomware attack that hit one of its facilities in Mexico during Thanksgiving weekend. The threat actors apparently managed to extract sensitive files before encrypting the victim’s systems.

This company has become a giant in its field worldwide, employing more than 800 thousand people through the parent company and its subsidiaries Sharp Corporation, Innolux and FIH Mobile.

Just a few days ago, the operators of the DoppelPaymer ransomware published files belonging to Foxconn on their leak site, where they post data stolen in their attacks. The compromised information includes internal business documents, although there does not appear to be any personal information from employees. Soon after, some members of the cybersecurity community confirmed that the company was dealing with an incident detected at Foxconn CTBG MX, based in Ciudad Juarez, Mexico, where electronic equipment is assembled and shipped to various locations in America.

Since the attack, the affected facility’s website has remained inactive, displaying only an error message.

A source close to the company shared the ransom note sent by the threat actors.

The message includes a link to the DoppelPaymer operators’ payment website, hosted on Tor. In this case, the attackers demand a ransom of 1804 Bitcoin, equivalent to almost 35 million dollars.

A researcher managed to contact one of DoppelPaymer’s members, who confirmed that the hackers infected Foxconn’s networks in North America in late November, although they did not attack the entire company. During the incident, the attackers managed to infect nearly 1200 servers, stealing 100 GB of information and removing more than 20 TB of backups.

The company has not provided additional details despite having received multiple requests for information. DoppelPaymer hackers have been linked to multiple recent security incidents, counting among their victims organizations such as Petroleos Mexicanos (PEMEX), Compal, University of Newcastle and Banijay Group, among other public and private companies.