Foxconn hit with DoppelPaymer ransomware attack, $34M ransom demand


Foxconn, the Taiwan-based electronics giant, suffered a ransomware attack in its Mexican facility on November 29 during the Thanksgiving weekend. The facility is primarily used for electronics assembly and shipping. In the strategic DoppelPaymer ransomware attack, the attackers stole unencrypted files before encrypting the devices.

Foxconn is the largest international company manufacturing electronics. In 2019, its revenue was $172 billion. The company has over 800,000 employees all over the globe. Foxconn’s subsidiaries include FIH Mobile, Sharp Corporation, Belkin, and Innolux.

DoppelPaymer Ransomware was used

DoppelPaymer ransomware attacks use data exfiltration: files are taken unencrypted before the devices are encrypted. The attacks can have specific targets and are often strategic.

The ransomware gang confirmed they attacked a specific Foxconn facility but did not attack the whole company. The cybercriminals claimed to have encrypted 1,200 servers, taken 100 GB of unencrypted files, and destroyed or deleted 20-30 TB of the Foxconn backup system. They demanded a ransom of more than $34 million in Bitcoin from Foxconn.

“We encrypted the NA segment, not whole Foxconn, it’s about 1200-1400 servers, and not focused on workstations. They also had about 75TB’s of misc backups. What we were able to – we destroyed (approx 20-30TB),” DoppelPaymer announced.

Foxconn released a statement confirming the attack and said they are continuing to bring all their systems back into service.

“We can confirm that an information system in the US that supports some of our operations in the Americas was the focus of a cybersecurity attack on November 29. We are working with technical experts and law enforcement agencies to carry out an investigation to determine the full impact of this illegal activity, and to identify those responsible and bring them to justice.”

“The system that was affected by this incident is being thoroughly inspected and being brought back into service in phases,” Foxconn announced.

Other victims of DoppelPaymer ransomware include another Taiwanese company, Compal Electronics. It has also been deployed in attacks on PEMEX (Petróleos Mexicanos), the City of Torrance in California, Newcastle University in the U.K., the Banijay Group SAS, Bretagne Télécom, and Hall County, Georgia in the U.S.

In 2020, ransomware attacks are taking place almost daily, and it is projected that they will continue in 2021.

