LockBit Ransomware Gang Strikes Foxconn Factory Disrupting Operations
The prevalence of ransomware attacks is rising year-over-year at a rapid pace, with 2021 marking a doubling in the number of reported attacks over 2020. As ransomware attacks have become a prominent and lucrative form of cyberattack, a market has developed for cybercriminals to buy and sell ransomware. Some of these criminals offer ransomware-as-a-service (RaaS), providing the infrastructure and malware required to carry out a ransomware attack. Last month, we highlighted a particular malware service that shows just how easy it is to get started with ransomware using a Telegram bot that builds malware packages custom-tailored to users’ needs.
RaaS isn’t just a proof of concept, but a criminal business model operating in the real world. LockBit, a Russian-based RaaS provider that splits ransom profits with its customers, has claimed responsibility for a recent ransomware attack on a Foxconn production plant. Foxconn is an electronics manufacturer headquartered in Taiwan whose customers include Apple, Nintendo, Google, and Microsoft. The company operates in a number of countries, including China, Mexico, and the United States, and completed a deal just last month to purchase a former GM plant in Ohio.
RaaS isn’t just a proof of concept, but a criminal business model operating in the real world. LockBit, a Russian-based RaaS provider that splits ransom profits with its customers, has claimed responsibility for a recent ransomware attack on a Foxconn production plant. Foxconn is an electronics manufacturer headquartered in Taiwan whose customers include Apple, Nintendo, Google, and Microsoft. The company operates in a number of countries, including China, Mexico, and the United States, and completed a deal just last month to purchase a former GM plant in Ohio.
On May 31, a ransomware attack struck a Foxconn manufacturing plant located in Tijuana, Mexico, disrupting business operations. While Foxconn has not attributed the attack to any particular threat actor, the group behind the LockBit ransomware service claims to have carried out the attack. The ransomware gang has not only encrypted files on Foxconn systems, but also stolen copies of the files for itself. The group threatens to release the files on the internet if Foxconn doesn’t pay a ransom by June 11, though neither LockBit nor Foxconn have indicated what files were stolen.
Foxconn addressed the ransomware attack in the following statement to BleepingComputer: “It is confirmed that one of our factories in Mexico experienced a ransomware cyberattack in late May. The company's cybersecurity team has been carrying out the recovery plan accordingly. The factory is gradually returning to normal. The disruption caused to business operations will be handled through production capacity adjustment. The cybersecurity attack is estimated to have little impact on the Group's overall operations. Relevant information about the incident is also provided instantly to our management, clients, and suppliers.”
Foxconn addressed the ransomware attack in the following statement to BleepingComputer: “It is confirmed that one of our factories in Mexico experienced a ransomware cyberattack in late May. The company's cybersecurity team has been carrying out the recovery plan accordingly. The factory is gradually returning to normal. The disruption caused to business operations will be handled through production capacity adjustment. The cybersecurity attack is estimated to have little impact on the Group's overall operations. Relevant information about the incident is also provided instantly to our management, clients, and suppliers.”
