DopplePaymer attacks the faxconn electronics, asking $34 million ransom
Foxconn, the largest electronics manufacturing company, suffered a ransomware attack at a Mexican facility. The attackers managed to steal all unencrypted data before the files encryption.
The global electronics manufacturing company with a recorded over $172 billion revenue in 2019 has a total 800, 000 employees worldwide. Sharp Corporation, Innolux, FIH Mobile and Belkin are some subsidiaries of this company.
It is rumored that the attack occurred over the Thanksgiving weekend. Since then, the company site has been down and shown an error while opening it.
DopplePaymer ransomware published a file belongs to Foxconn NA on its data leak site today. This file contains generic business documents and reports. It does not contain financial information or employee’s personal details.
According to Cyber security researchers, the Foxcoon suffered the attack around 29th November, 2020 at their Foconn CTBG MX facility, located in Ciudad Juarez, Mexico.
The Foxconn CTBG MX web page describes this facility as: “Our 682,000 square ft building was established back in 2005, and is located in Ciudad Juárez, Chihuahua, Mexico, just across the border from El Paso, Texas. [..] Foxconn CTBG MX is strategically located to support all Americas region.”
Sources have shared the ransom note that the ransomware created on the Fonconn server. Included ransom note contains a link to Foxconn’s victim page on DopplePaymer’s Tor payment site where the crooks demand a ransom amount 1804.0955 BTC ransom, or approximately $34,686,000 at today’s bitcoin prices.
Only theFaxconn’s North American facility got affected during the attack not the whole company. As a part of the attack, the threat actors claimed to have encrypted total 1200 services, stolen 100 GB unencrypted data and deleted 20-30 TB of backups.
DoppelPayment told about the attack, “We encrypted NA segment, not whole foxconn, it’s about 1200-1400 servers, and not focused on workstations. They also had about 75TB’s of misc backups, what we were able to – we destroyed (approx 20-30TB).”
Faxconn confirmed about the attack and said they are trying bringing their systems back into service; “We can confirm that an information system in the US that supports some of our operations in the Americas was the focus of a cybersecurity attack on November 29. We are working with technical experts and law enforcement agencies to carry out an investigation to determine the full impact of this illegal action and to identify those responsible and bring them to justice. The system that was affected by this incident is being thoroughly inspected and being brought back into service in phases.”