Foxconn, a leading electronics manufacturer, was hit by a ransomware attack over the Thanksgiving weekend. The attackers stole unencrypted data from a Mexican facility before encrypting the computers.
With a turnover of $172 billion, Foxconn became the biggest electronics production company in the world in 2019. It has more than 800,000 workers around the world. Big names like Sharp Corporation, Innolux, FIH Mobile, and Belkin are among Foxconn's affiliate firms.
The rumored Foxconn ransomware attack became public on the 7th of December, when files belonging to Foxconn NA were published on the DoppelPaymer ransomware data leak site.
The data made publicly available on the leak site contains common company records and analyses, but does not include financial information or employees' personal information.
Cybersecurity sources reported that Foxconn had experienced a malware attack at its Foxconn CTBG MX facility in Ciudad Juárez, Mexico, around the 29th of November 2020.
The CTBG MX facility in Ciudad Juárez opened in 2005 and is currently responsible for the assembly and distribution of electronics equipment to North and South America. The facility is strategically located on the border across from El Paso, Texas, and is intended to support all American regions.
After the attack, the Foxconn CTBG MX website went down, and it currently displays an error message to visitors.
Attackers seek a ransom of $34 million for decrypting Foxconn’s servers.
Numerous sources have shared the ransom note that was left on Foxconn's servers after the ransomware attack.
The ransom note includes a link to Foxconn's page on DoppelPaymer's Tor payment site, where the cybercriminals behind the attack demand a ransom of 1804,0955 BTC, or about $34,686,000 at current Bitcoin rates.
In an interview, the DoppelPaymer ransomware gang reported that it targeted Foxconn's facility in North America on 29 November, but did not strike the entire company.
During the attack, the threat actors appear to have encrypted roughly 1,200 servers and managed to steal 100 GB of unencrypted files. They also successfully removed 20-30 TB of backups as part of this attack.
Foxconn has confirmed the attack and has stated that it is steadily bringing its systems back into service.
According to their statement, the target of the cyberattack that was carried out on November 29th is an information system in the US that supports some of the company’s operations in the Americas.
Currently, Foxconn is carrying out an investigation and is working closely with technical experts and law enforcement agencies in order to evaluate the full impact of the illegal act and to identify the responsible parties.
Additionally, Foxconn said that the system impacted by this incident is being carefully examined and brought back into service phase by phase.