Foxconn Mexico Factory Hit by Ransomware Attack

Foxconn confirmed on Friday that one of its production plants in Mexico was affected by a ransomware attack in late May. Foxconn did not provide any information about the attackers, but the ransomware group LockBit claimed responsibility.

Foxconn operates three plants in Mexico that make computers, LCD TVs, mobile devices and set-top boxes. Its main customers are Sony, Motorola and Cisco Systems.

The Foxconn factory that was attacked is located in Tijuana, Mexico, an important supply center for consumer electronics in California, and is considered a strategic facility.

Foxconn said in a statement that the ransomware attack had little impact on its overall operations and that the factory was gradually recovering:

“It was confirmed that one of our factories in Mexico suffered a ransomware cyber attack in late May, and the company’s cybersecurity team has been executing a recovery plan accordingly. The factory is gradually returning to normal.

Disruptions to business operations will be dealt with through capacity adjustments. It is estimated that the cyber security attack will have little impact on the overall operation of the Group. Information about the incident is also immediately provided to our management, customers and suppliers.”

According to Foxconn’s circular, the ransomware group LockBit launched an attack on May 31, threatening to leak data stolen from Foxconn unless Foxconn paid the ransom by June 11.

This means that ransom negotiations may not be completely over yet, with cybercriminals still hoping to strike a deal with the company. LockBit’s ransom demand is still unknown, but considering that the gang’s prey are usually successful companies with deep pockets, the ransom amount this time is likely to be in the tens of millions of dollars.

LockBit has not disclosed any information about the stolen data, but often ransomware groups steal high-value information as a bargaining chip to coerce victims into paying. Since Foxconn manufactures various consumer electronics products for many brands, LockBit 2.0 may have stolen confidential intellectual property information such as technical schematics and drawings.

Foxconn’s Mexico operations have suffered a major ransomware attack before. In December 2020, the ransomware group DoppelPaymer attacked Foxconn’s CTBG MX facility in Ciudad Juarez. The attackers claimed to have encrypted 1200-1400 servers at the facility, stolen 100 GB of unencrypted files, and deleted 20-30 TB of backups. In that attack, DoppelPaymer demanded a ransom of up to $34 million (about 1804 bitcoins).

LockBit is one of the most active and dangerous ransomware groups out there

In addition to Foxconn, LockBit has also attacked the Office of the Secretary of State for Finance in Rio de Janeiro and Top Aces, a Canadian fighter jet supplier, in the past few weeks. Other high-profile victims of LockBit 2.0 over the past few months include tire and rubber giant Bridgestone Americas, Accenture, which helped investigate LockBit 2.0’s attack on Bridgestone, and the French Ministry of Justice.

LockBit is distributed as ransomware-as-a-service (RaaS), and the group was on the fringes until it developed a new version of its RaaS platform, called LockBit 2.0. LockBit 2.0 uses tactics, techniques and procedures (TTPs) that include bypassing defenses and obfuscation, making detection and mitigation very difficult.

In February, the FBI released Indicators of Compromise (IoCs) for LockBit 2.0 attacks, noting that the ransomware's operators often compromise corporate networks by buying access, exploiting unpatched vulnerabilities, or using zero-day exploits or insider access.

Ransomware is now so rampant that it underlines the importance of enterprise data protection. An enterprise's data, especially its core data, is its lifeblood. If it cannot protect its own data, it will be difficult for an enterprise to survive. Even if a business can get back on its feet after a single ransomware attack, it is likely to be threatened by ransomware again if data protection is not done properly. In this cycle, the enterprise's energy is gradually exhausted and it slowly dies. Enterprises should therefore protect their data with backup software, such as VMware Backup, Hyper-V Backup, XenServer Backup and so on.
