Foxconn plant in Mexico struck in DoppelPaymer ransomware attack
Hon Hai Precision Industry Co., better known as Foxconn, has been struck by a ransomware attack that briefly caused issues at its production facilities in Mexico and resulted in data stolen.
First reported Monday by Bleeping Computer, the ransomware attack occurred over the Thanksgiving weekend and involved the infamous DoppelPaymer gang. The attack, which targeted the Foxconn plant in Ciudad Juárez, Chihuahua, infected approximately 1,200 servers, with the theft of 100 gigabytes of unencrypted files. The ransomware attack also resulted in the deletion of 20 to 30 terabytes of backup data.
The DoppelPaymer gang is said to have demanded a ransom payment of 1804.0955 bitcoin ($32.97 million) in return for an encryption key and a promise not to release the stolen data. Foxconn didn’t pay and at least some of the data has now been published on the dark web, a shady part of the internet reachable with a special browser.
“Our team had access to Doppel ransomware website on the deep web where they publish their victims’ stolen data and we can confirm that they have published data about Foxconn Technology Group,” Gustavo Palazolo, security researcher at secure access company Appgate, told SiliconANGLE. “By looking at the list of organizations/targets from this and other threat groups behind large ransomware operations, we found a very diverse list of targets, so we have the impression that the threat actors are trying to make money no matter the type or size of the organization.”
Reuters reported that services at the facility have gradually returned to normal, though the website for the plant remains offline. Foxconn’s facilities in Mexico primarily make televisions and servers. The company is also looking to expand its manufacturing in the country because of the U.S.-China trade war. Brands manufactured at the plant include Belkin and Sharp, both of which are owned by Foxconn.
Recent DoppelPaymer ransomware victims include Endemol Shine, the global production company behind television shows such as “Big Brother,” “MasterChef” and “The Voice” in November and an attack on Mexican state-owned petroleum company Petróleos Mexicanos, known as Pemex, in November 2019.
Ilia Kolochenko, founder and chief executive of web security company IllumniWeb, noted that the incident clearly indicates that ransomware mostly exploits major cybersecurity failures such as lack of internal network segregation.
“Allegedly, the attackers managed to compromised over 1,000 servers and delete all backups,” Kolochenko said. “If true, this is an unambiguous indicator of gross negligence and absence of the most fundamental security controls. It’s unlikely any cybersecurity insurance will ever pay a cent for the damages under the circumstances, while the victim will likely have a solid claim against IT and security vendors in charge of its network management.”
Photo: Nadkachna/Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.