8 December 2020

DoppelPaymer ransomware crew demands $34M from Foxconn


DoppelPaymer ransomware crew demands $34M from Foxconn

Taiwanese electronics manufacturer Foxconn has reportedly become a victim of the DoppelPaymer gang, which launched a ransomware attack at Foxconn’s Mexican facility over the Thanksgiving weekend.

As per BleepingComputer, during the attack the DoppelPaymer group stole information from the company, a portion of which they then published on their leak site. The leaked data includes generic business documents and reports but does not contain any financial data or employee's personal details.

According to sources in the cybersecurity industry, the incident occurred around November 29th, 2020, at the Foxconn CTBG MX facility located in Ciudad Juárez, Mexico. This facility is used for assembly and shipping of electronics equipment to all regions in South and North America.

According to the ransom note dropped on Foxconn’s servers, the attackers are demanding a 1804.0955 BTC ransom (approx. $34 million) from the company. When asked, the DoppelPaymer operators told BleepingComputer that they indeed targeted Foxconn's North America facility on November 29, but did not compromise the whole company. They also stated that they encrypted around 1,200 Foxconn’s servers and stole 100 GB of unencrypted files. They also claim to have destroyed 20-30 TB of backups.

“We encrypted NA segment, not whole foxconn, it's about 1200-1400 servers, and not focused on workstations. They also had about 75TB's of misc backups, what we were able to - we destroyed (approx 20-30TB),” the DoppelPaymer gang said.

Foxconn has yet to release a statement regarding the alleged security incident.

Back to the list

Latest Posts

What is Vulnerability Management? A Beginner's Guide

What is Vulnerability Management? A Beginner's Guide

In this article will try to cover basics of vulnerability management process and why it is important to every company.
11 September 2024
Cyber Security Week in Review: September 6, 2024

Cyber Security Week in Review: September 6, 2024

In brief: the US charges Russian GRU hackers for attacks on Ukraine, Apache, Cisco, Zyxel patch high-risk flaws, Google fixes Android zero-day, and more.
6 September 2024
Threat actors using MacroPack Red Team framework to deploy Brute Ratel, Havoc and PhantomCore

Threat actors using MacroPack Red Team framework to deploy Brute Ratel, Havoc and PhantomCore

Some of the documents appeared to be part of legitimate Red Team exercises, while other were intended for malicious purposes.
5 September 2024