On November 29, 2020, the Taiwanese manufacturer of electronic components Foxconn was attacked by an encryption virus: the attack resulted in the theft, encryption and deletion of files on the company’s servers in Mexico, in Ciudad Juarez, according to the BleepingComputer website.

 

 

The hacker group DoppelPaymer claimed responsibility for the cyberattack, demanding $ 34.7 million in bitcoins for the return of information and posting part of the Foxconn documents on its website to confirm its intentions: “Your files, backups and shadow copies are not available until you pay for the decryptor,” says a message window that POPs up on Foxconn servers. — If you do not make any contact within three business days after encryption, the first portion of your data will be published, and all the rest will remain inaccessible to you.”

 

DoppelPaymer in a message to the BleepingComputer website provided information that as a result of the attack on November 29, about 1200 company servers were encrypted, about 100 gigabytes of data in unencrypted data were stolen and about 20-20 terabytes in backups were deleted. In addition, the Foxconn segment in North America was encrypted, and this did not affect workstations.

Foxconn opened the CTBG MX plant in 2005, which was used to build and supply electronics throughout the Americas. At this time, the company’s website remains unavailable and displays an error message.

 

The ransom message contains a link to the page about Foxconn on the DoppelPaymer site, which can be accessed via a Tor-enabled browser, and the amount of the ransom is more than 1804 bitcoins, according to BleepingComputer: “this page and your decryption key will expire 21 days after your systems are infected,” this page says. “If you transmit this link or email address, the decryption key will be permanently deleted.”

 

The hacker group DoppelPaymer also encrypted a Windows 10 system in the network of the municipality of Florence, Alabama, in may of this year: the login of the city’s system administrator was used, as the KrebsOnSecurity site provided information at the time. Then, in June, the next DoppelPaymer attack blocked the city’s email service, according to its mayor, Steve Holt.

 

It appears that the same group simultaneously hacked the networks of four other institutions within an hour’s drive of Florence, including another municipality, KrebsOnSecurity reported at the time. DoppelPaymer first demanded 378 thousand dollars. in bitcoins, but a third-party cybersecurity firm hired by the municipality was able to negotiate a price reduction to $ 291,000. in bitcoins, krebsonsecurity reported.

Leave a Reply

Your email address will not be published. Required fields are marked *

GPD Host Contacts
GPD Host Social
Pay with Confidence

Copyright © 2015 - 2020 GPD Host All right reserved.

Warning: Invalid argument supplied for foreach() in /var/www/vhosts/blog.gpdhost.com/httpdocs/wp-includes/script-loader.php on line 2652