“We encrypted the NA segment, not whole Foxconn, it’s about 1200-1400 servers, and not focused on workstations. They also had about 75TB’s of misc backups. What we were able to – we destroyed (approx 20-30TB),” DoppelPaymenr announced.
Foxconn released a statement confirming the attack and said they are continuing to bring all their systems back into service.
“We can confirm that an information system in the US that supports some of our operations in the Americas was the focus of a cybersecurity attack on November 29. We are working with technical experts and law enforcement agencies to carry out an investigation to determine the full impact of this illegal activity, and to identify those responsible and bring them to justice.”
“The system that was affected by this incident is being thoroughly inspected and being brought back into service in phases,” Foxconn announced.
Other victims where DoppelPaymer ransomware was used include another Taiwanese company Compal Electronics. It has also been deployed in attacks on PEMEX (Petróleos Mexicanos), the City of Torrance in California, Newcastle University in the U.K., the Banijay Group SAS, Bretagne Télécom, and Hall County Georgia in the U.S.
