Ransomware Gang Demands $34 Million in Bitcoin from Foxconn

Even multinational tech companies, which understand firsthand the value of cybersecurity, can be targeted by ransomware groups.

Foxconn, a publicly traded electronics and tech company headquartered in Taiwan, was hit by a ransomware attack on November 29, according to reporting from information security news site Bleeping Computer. 

The hackers responsible say they encrypted data related to its North American operations and have told Foxconn to pay roughly 1,804 Bitcoin (currently worth about $34.5 million) for a decryption tool. 

A ransom note from the hackers, a group known as DopperPaymer, stated, “If no contact made in 3 business days after the infection[,] first portion of data will be shared to public.”

Given that the deadline was last week, Foxconn has presumably reached out to the hackers. Decrypt has emailed the company for details but has yet to receive a response.

The attack reportedly hit at the tech giant’s Mexican facility for electronics assembly and shipping. In an interview with Bleeping Computer, DoppelPaymer said it has encrypted “about 1200-1400 servers” and had destroyed up to 30 TB of backups in a bid to force Foxconn’s hand.

Though it doesn’t necessarily carry BTC on its balance sheet, Foxconn is familiar with the technology behind Bitcoin. It has invested in blockchain startups such as Abra, a crypto investment platform for non-accredited types, as well as Cambridge Blockchain, a digital identity firm.

The $34 million in Bitcoin it’s being asked to pay is a drop in the bucket. IT security company BlackFog recorded 28 ransomware attacks in November alone, including against Mattel toy company, Manchester United Football Club, and Baltimore Public Schools.

Still, depending on the data, it might be cheaper to ignore DopperPaymer. According to research from Sophos, on average, it costs attacked companies twice as much to pay the ransom as it does to get the data back by other means.