The ransomware attacks do not stop. Now the electronics giant Foxconn is also among the victims. The perpetrator group has already struck several times.

The electronics giant Foxconn has become the victim of a massive hacker attack. According to several media reports, the attackers stole unencrypted files at a Mexican Foxconn branch on Thanksgiving weekend. The hackers then disabled the devices and are now demanding a ransom for the activation.


Trade Bitcoin, shares and co. at unbeatable prices – Made in Germany
Top 5 crypto currencies | 7,300 shares | 1,000 ETFs | 0 € order fee

JustTRADE is the first German provider to offer an all-in-one solution for trading in crypto currencies (Bitcoin, Ethereum, Ripple, …) shares, ETFs and certificates. The website and app are intuitively designed, offer many useful features and are suitable for both beginners and advanced traders. Best of all, there are no transaction costs or network fees.

Learn more now

Behind the attack is a ransomware group called DoppelPaymer. In the meantime they have partially published the captured files. They include confidential business documents and reports. However, financial information or personal data of Foxconn employees are not included. Since the attack, the institution’s website has been offline and displays an error message to visitors.

Various sources have already passed on the ransom demand created on Foxconn servers. According to this, the Double Paymer hackers are demanding a ransom of 1804.0955 BTC, which at the current rate is equivalent to approximately 34,686,000 US dollars.

We encrypted an N[ord]A[merika] segment, not the entire BinBot Foxconn. Approximately 1200-1400 servers and no workstations are affected. They also had about 75 TB of various backups, we were able to destroy about 20 to 30 TB,

quotes the portal from an interview with the attackers. Furthermore, Foxconn itself has commented on the ransomware attack as follows:

We can confirm that an information system in the USA, which supports some of our operations on the American continent, was at the centre of a cyber attack on 29 November. We are working with technical experts and law enforcement agencies to conduct an investigation to determine the full impact of this illegal action, identify those responsible and bring them to justice.

Already several prominent victims of ransomware
This is a typical ransomware attack in which hackers infiltrate the IT infrastructure of individuals, companies or organisations. In doing so, they encrypt sensitive information or make it inaccessible. To provide the necessary encryption tools and regain access to the data, the perpetrators demand a ransom, often in Bitcoin. Other victims of DoppelPaymer include Compal, PEMEX (Petróleos Mexicanos), the city of Torrance in California, the University of Newcastle, the Hall district in Georgia, the Banijay group SAS and Brittany Télécom.

CWT, the US travel agency, was extorted for the equivalent of $4.5 million in a similar case. He even managed to negotiate down the ransom demand in a chat with the blackmailers. Since this year, the Argentine Telecom has also been among the victims. Who is behind these two attacks, however, is unclear.