The hackers that compromised the systems of electronics giant Foxconn asked for $34 million of Bitcoin (BTC) as a ransom for restoring the firm’s data—and not publishing it.
According to a Dec. 7 report by cybersecurity news outlet BleepingComputer, a Foxconn facility in Mexico suffered a ransomware attack over the Thanksgiving weekend. As part of the attack, cybercriminals stole unencrypted files before encrypting them to render them inaccessible to the victims. The firm told the news outlet:
“We can confirm that an information system in the U.S. that supports some of our operations in the Americas was the focus of a cybersecurity attack on Nov. 29. We are working with technical experts and law enforcement agencies to carry out an investigation. […] The system that was affected by this incident is being thoroughly inspected and being brought back into service in phases.”
Yesterday, ransomware group DoppelPaymer published files belonging to Foxconn on their ransomware data leak site. The data published so far is not sensitive—it includes generic business documents and reports with no financial information or employees’ personal details. This leak is intended as proof that the hackers indeed gained access to the firm’s sensitive data and will leak it to the public if the ransom is not paid.
BleepingComputer claims that sources from the cybersecurity industry have confirmed that Foxconn suffered an attack on Nov. 29 at its facility located in Ciudad Juárez, Mexico. The building in question is responsible for the assembly and shipping of electronics equipment to all regions in South and North America. The website of the facility in question has been down and shows an error to visitors since the attack.
The ransom note that the malware left accessible after encrypting Foxconn’s data is a link to the firm’s page on DoppelPaymer’s Tor payment site. There the cybercriminals demand a 1804.0955 BTC ransom—more than $34 million as of press time.
BleepingComputer interviewed DoppelPaymer, and a spokesperson of the ransomware group confirmed the attack and specified that only the Mexico facility was compromised. As part of the attack, the hackers claim to have encrypted about 1,200 servers, stolen 100 GB of unencrypted files, and deleted 20-30 TB of backups. A representative of the cybercrime organization said:
“We encrypted [that specific facility], not whole foxconn, it’s about 1,200-1,400 servers, and not focused on workstations. They also had about 75 TB’s of misc backups, what we were able to—we destroyed (approx 20-30 TB).”
While interviewing a group of criminals may seem outlandish to outsiders, the legal and the illegal often cross paths in the world of cybercrime and cryptocurrencies. The anonymity in communications and payments allowed by multi-layered encrypted networks such as Tor, combined with the pseudonymity allowed by cryptography and the permissionless remittances possible with crypto, is what makes all of this possible.
An even odder instance took place in late October, when a group of blackhat hackers sent a significant sum of money to multiple charities, leaving some onlookers confused and recipients troubled.