Skip to main content

Foxconn hit by huge ransomware attack

Ransomware
(Image credit: Shutterstock)

The electronics giant Foxconn, which manufacturers Apple's iPhone and many other popular devices, has fallen victim to a ransomware attack at one of its five factories in Mexico.

As reported by BleepingComputer, the ransomware attack occurred over the the Thanksgiving weekend and the attackers managed to steal unencrypted files from the company before encrypting its devices.

While the news outlet has been tracking the rumored attack for some time now, it was confirmed when the DopplePaymer ransomware group published files belonging to Foxconn NA on its data leak site. The leaked data includes a number of generic business documents and reports though it does not contain any financial information from the company or employee's personal details.

According to sources in the cybersecurity industry, Foxconn suffered a ransomware attack at its CTBG MX facility in Ciudad Juárez, Mexico. The facility, which opened in 2005, is used by the company for assembly as well as to ship electronics to customers in North and South America.

Foxconn ransomware attack

Following the attack that occurred on Sunday, November 29, the DopplePaymer ransomware group left a ransom note on Foxconn's servers demanding a payment of $34m to unlock the company's files.

In an interview with BleepingComputer, DopplePaymer explained that it had attacked Foxconn's North American business and not the whole company, saying: 

"We encrypted NA segment, not whole foxconn, it's about 1200-1400 servers, and not focused on workstations. They also had about 75TB's of misc backups, what we were able to - we destroyed (approx 20-30TB)."

Foxconn also provided the news outlet with a statement confirming the attack, which reads:

"We can confirm that an information system in the US that supports some of our operations in the Americas was the focus of a cybersecurity attack on November 29. We are working with technical experts and law enforcement agencies to carry out an investigation to determine the full impact of this illegal action and to identify those responsible and bring them to justice. The system that was affected by this incident is being thoroughly inspected and being brought back into service in phases." 

We'll likely find out more regarding the full extent of the ransomware attack once Foxconn and law enforcement agencies finish their investigation.

Via BleepingComputer