ransomware attack on Foxconn

A ransomware attack on one of Foxconn’s Mexico-based production factories occurred in late May, according to the electronics maker. The organisation could not offer any information about the attackers, but the LockBit ransomware gang claimed responsibility for the incident.

Foxconn has three manufacturing plants in Mexico that create PCs, LCD TVs, mobile devices, and set-top boxes that were previously manufactured by Sony, Motorola, and Cisco Systems. The targeted Foxconn factory is in Tijuana, Mexico, and is a crucial facility that serves as a critical supply hub for California, a major electronics consumer in the United States.

According to a statement provided to BleepingComputer, the impact on Foxconn’s overall operations would be limited, and the recovery will proceed according to a pre-determined plan.

The following is a quote from a business spokesperson:

“It has been established that one of our Mexican facilities was the victim of a ransomware incident in late May. The cybersecurity team at the organisation has been following the recovery plan to the letter.

The factory is gradually resuming normal operations. Production capacity adjustments will be used to address the disruption to business operations.The Group’s general activities are expected to be unaffected by the cybersecurity incident. Our management, clients, and suppliers are all given immediate access to pertinent information concerning the occurrence.” – Foxconn Technology Group

LockBit strikes

On May 31, the LockBit ransomware operation claimed responsibility for the hack, threatening to release data seized from Foxconn unless a ransom is paid by June 11.

LockBit claiming Foxconn as victim
LockBit claiming Foxconn as victim (KELA)

This indicates that the fraudsters may still be in talks with the company and are hoping to reach a deal.

LockBit’s demands are yet unknown, but given that the gang often targets successful organisations that can pay greater ransoms, they are expected to be rather large. The attacker hasn’t revealed what data they have, but they normally try to exfiltrate valuable information that can be used to force the victim to pay.

LockBit may have important schematics and technical drawings that comprise intellectual property disclosed under non-disclosure agreements because Foxconn produces a variety of consumer electronic goods for a variety of companies. In less than two years, Foxconn’s factory in Tijuana has been the target of a ransomware attack. The DoppelPaymer ransomware group declared in December 2020 that it had infected the company’s CTBG MX facility in Ciudad Juárez.

 The attackers claimed to have taken 100GB of data, encrypted between 1,200 and 1,400 servers, and destroyed 20 to 30TB of backup data in exchange for a $34 million ransom.