International electronics manufacturing giant Foxconn is facing a multimillion-dollar ransom demand after its facility based in Chihuahua, Mexico was recently struck by a ransomware raid.

The attack involved not only the infiltration of company systems where files were locked down with encryption, but also the exfiltration of data, with hackers stealing valuable information that had unwisely not been encrypted.

Foxconn is among the biggest firms manufacturing electronics on a global scale, with revenues recorded last year at around $172bn. With a workforce of more than 800,000 staff operating across the world, Foxconn’s subsidiary companies include well-known names such as Belkin, FIH Mobile, Innolux and the Sharp Corporation.

DoppelPaymer group strike again

Following its attack, he nefarious DoppelPaymer ransomware gang published data files that belonged to Foxconn on its dedicated leak site for exposed ransomware data. The data stolen and posted contains standard business reports and other documents but does not include any specific financial details or Personally Identifiable Information (PII) associated with Foxconn employees.

Cybersecurity sources have confirmed that the electronics giant suffered a lethal ransomware attack at an unknown time on November 29, at its CTBG MX operation, based Mexico. The Foxconn facility has been operating for 15 years and is utilised for both assembly and the shipping of electronics products across regions throughout North and South America.

On Foxconn’s web page dedicated to the CTBG MX, it describes the facility:

“Our 682,000 square ft building was established back in 2005, and is located in Ciudad Juárez, Chihuahua, Mexico, just across the border from El Paso, Texas… Foxconn CTBG MX is strategically located to support all Americas region.”

However, after the ransomware assault occurred, the Foxconn CTBG MX’s website was rendered inaccessible to visitors and displaying an error message.

Foxconn is not the first victim to fall foul of the criminal actions of the DoppelPaymer ransomware group, with previous targets successfully hit including PEMEX, Compal, California’s City of Torrance, Bretagne Télécom, Banijay Group SAS, Newcastle University and Hall County in Georgia’s hall County.

Millions demanded by ransomware operators

Ransomware operators at DoppelPaymer have claimed ownership of the attack on Foxconn’s Mexican facility but have stated that they did not strike the company as whole. The pinpoint precision attack saw the ransomware gang steal 100 gigabytes of vulnerable files left unencrypted, the deletion of approximately 30 terabytes of backups and the encryption of around 1,400 Foxconn servers. However, Dopplepaymer stated in its interview with Bleeping computer that the attack was not concerned with workstations at the facility.

Cybersecurity sources shared the actual ransom note left on the electronics giant’s servers during the attack with computer help site BleepingComputer. The ransom note contained a link to a “victim page” established on Doppelpaymer’s payment site set up specifically for Foxconn using the Tor browser. The exorbitant price demanded by the ransomware gang was 1804.0955, in bitcoin which is in the region of $34m or £25m at current bitcoin exchange rates. Cryptocurrency is the payment method of choice for ransomware groups, as it offers a largely untraceable option that is next to impossible to reclaim.