DoppelPaymer ransomware attacked Foxconn Mexican division

Bleeping Computer reported that two weeks ago, on Thanksgiving Day, the DoppelPaymer ransomware attacked Foxconn Mexican division. Attackers demand from. the largest electronics manufacturer 34 million dollars ransom.

Recently, DoppelPaymer operators published files belonging to Foxconn NA on their website. This leak includes only business documents and reports, and does not contain any financial information or personal data of employees.

The journalists’ own sources in the information security industry confirm that Foxconn was attacked around November 29, 2020, and the target of the hackers was the Foxconn CTBG MX plant located in Ciudad Juarez, Mexico.

This facility opened in 2005 and is used by Foxconn to assemble and deliver electronic equipment to all regions of South and North America. After the attack, the site of the plant did not work and is still showing visitors an error.

Let me remind you that in the summer DopplePaymer ransomware operators hacked NASA contractor.

Also, Bleeping Computer’s own sources shared with the publication a ransom note that the ransomware left on Foxconn’s servers. As you can see from the text below, the attackers are demanding a ransom from the company in the amount of 1804.0955 BTC, that is, approximately $34,686,000 at the current exchange rate.

In a conversation with reporters, DoppelPaymer operators confirmed that they attacked Foxconn’s North American facility on November 29 and did not attempt to attack the entire company. At the same time, the attackers claim to have encrypted about 1200 servers, stole 100 GB of unencrypted files, and deleted 20-30 TB of backups.

“We encrypted NA, not the entire Foxconn, which is roughly 1200-1400 servers, plus we weren’t targeting workstations. They also had about 75 TB of different backups, which we were able to destroy about 20-30 TB”, the DoppelPayment operators say.

Foxconn representatives confirmed to the publication that the attack took place and said that specialists are now gradually returning the affected systems to work.

“We are conducting an investigation of the incident together with technical experts and law enforcement agencies to determine all the consequences of this offense and identify the perpetrators in order to bring them to justice”, — the company says.

Let me also remind you that DoppelPaymer operators published in the public domain Boeing, Lockheed Martin, SpaceX and Tesla documents.