Foxconn facility in Mexico encounters ransomware attack

Earlier we mentioned that the industrial automation equipment manufacturer Advantech was under attack. The attacker opened his mouth to demand 750 bitcoins (13 million US dollars).

However, I never expected that there are hacker groups who are more open than those who attacked Advantech’s shares. For example, Foxconn’s facility in Mexico recently encountered ransomware.

According to Bleepingcomputer reports, Foxconn’s subsidiary in Mexico was attacked on Thanksgiving Day. The attackers locked at least 1,200 servers and deleted approximately 30TB of backup.

Similar to previous attacks, the hacker group has stolen some of Foxconn’s confidential data. If Foxconn does not pay the ransom, the data will be made public.

As an electronics manufacturing giant, Foxconn is naturally not bad in operation and maintenance, so Foxconn subsidiaries conduct regular data backups to deal with some special situations.

Regular backup is definitely a good habit, but it is not only necessary to back up regularly, but also to be optimistic that the backup is best isolated, otherwise, it will be like Foxconn’s Mexico factory.

The daily backup data of the Foxconn Mexico plant totals 75TB, and the attacker stated that they have done their best to completely delete the 20TB~30TB backup data.

In theory, the remaining 50TB of data can be recovered, but if the deleted backup happens to be the core data, it may be bad for Foxconn.

Because this means that if Foxconn does not pay the ransom, the data can not only be reconstructed, and it is almost impossible to decrypt the ransomware.

In the Advantech Incident, the hacker group demanded a ransom of up to 13 million US dollars. In the Foxconn Mexico plant incident, the hacker group actually asked for 1,804 bitcoins, which is about 34.68 million U.S. dollars.

According to the information revealed by the hackers, about 1,200 servers in the Foxconn Mexico plant were encrypted, and the hackers also stole about 100G of unencrypted data.

The hackers are not planning to use this data. Hackers hope to use the data to threaten Foxconn, that is, if they don’t pay the ransom, they will publish the data.

For Foxconn, the release of core data is also a headache. This ransomware developer has attacked many companies, schools, and hospitals in the past few years.

Some schools and hospitals paid a ransom to the hacker group, but this hacker group did not directly demand a high ransom as it is now.