Threat Watch

Foxconn Facility in Mexico Affected by LockBit Ransomware

Taiwanese electronics manufacturer Foxconn has announced that operations at their Tijuana production facility in Mexico have been affected due to a ransomware incident. The attack is believed to have occurred late in May, and Foxconn stated that they’ve already begun their recovery process. The company provided a brief statement to BleepingComupter; a portion of that statement read: “The factory is gradually returning to normal. The disruption caused to business operations will be handled through production capacity adjustment. The cybersecurity attack is estimated to have little impact on the Group’s overall operations. Relevant information about the incident is also provided instantly to our management, clients, and suppliers.” While no information was given by Foxconn as to who was believed to be behind the attack or their motivation, operators behind LockBit have claimed responsibility for the attack on their site, which states they will release the data they obtained on June 11th unless their demands are met. It’s unclear at this time how much money the attackers are demanding from Foxconn, but the amount is likely not small. Less than two years ago a separate facility in Mexico ran by Foxconn was hit with DoppelPaymer and the group demanded a $34 million dollar ransom.

ANALYST NOTES

Ransomware can strike companies of any size and at any time. Certain steps can be taken to reduce the risk of becoming a victim. Some of those steps include:

• Requiring strong passwords and forced password resets along with MFA
• Use of VPN for sensitive systems
• Regularly updating software and operating systems
• Using a host-based firewall
• Maintain offline backups
• Implement a recovery plan in the event that systems are breached

https://www.bleepingcomputer.com/news/security/foxconn-confirms-ransomware-attack-disrupted-production-in-mexico/