- December 8, 2020
- Posted by: administrator
- Category: Ransomware
Foxconn electronics giant suffered a ransomware attack at a Mexican facility over the Thanksgiving weekend, where attackers stole unencrypted files before encrypting devices.
Foxconn is the largest electronics manufacturing company globally, with recorded revenue of $172 billion in 2019 and over 800,000 employees worldwide. Foxconn subsidiaries include Sharp Corporation, Innolux, FIH Mobile, and Belkin.
BleepingComputer has been tracking a rumored Foxconn ransomware attack that occurred over the Thanksgiving weekend.
Today, the DoppelPaymer ransomware published files belonging to Foxconn NA on their ransomware data leak site. The leaked data includes generic business documents and reports but does not contain any financial information or employee’s personal details.
Sources in the cybersecurity industry have confirmed that Foxconn suffered an attack around November 29th, 2020, at their Foxconn CTBG MX facility located in Ciudad Juárez, Mexico.
This facility opened in 2005 and is used by Foxconn for assembly and shipping of electronics equipment to all regions in South and North America.
“Our 682,000 square ft building was established back in 2005, and is located in Ciudad Juárez, Chihuahua, Mexico, just across the border from El Paso, Texas. [..] Foxconn CTBG MX is strategically located to support all Americas region,” the Foxconn CTBG MX web page describes the facility.
Since the attack, the facility’s web site has been down and currently shows an error to visitors.
Attackers demand $34 million ransom
Sources have also shared the ransom note created on Foxconn servers during the ransomware attack, as can be seen below.
Included in the ransom note is a link to Foxconn’s victim page on DoppelPaymer’s Tor payment site where the threat actors are demanding a 1804.0955 BTC ransom, or approximately $34,686,000 at today’s bitcoin prices.
In an interview with DoppelPaymer, the ransomware gang confirmed that they attacked Foxconn’s North America facility on November 29th but did not attack the whole company.
As part of this attack, the threat actors claim to have encrypted about 1,200 servers, stole 100 GB of unencrypted files, and deleted 20-30 TB Of backups.
“We encrypted NA segment, not whole foxconn, it’s about 1200-1400 servers, and not focused on workstations. They also had about 75TB’s of misc backups, what we were able to – we destroyed (approx 20-30TB),” DoppelPayment told us about the attack.
NOTE:: This article is copyright by bleepingcomputer.com and we are using it for educational or Information purpose only