{
	"id": "f30da2e2-5945-4850-befc-cb493dd97d9b",
	"created_at": "2026-04-06T00:14:57.550363Z",
	"updated_at": "2026-04-10T13:11:45.76337Z",
	"deleted_at": null,
	"sha1_hash": "3c29058c267bbea0935141640075bc12d6e67d07",
	"title": "Foxconn confirms ransomware attack disrupted production in Mexico",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2062012,
	"plain_text": "Foxconn confirms ransomware attack disrupted production in Mexico\r\nBy Bill Toulas\r\nPublished: 2022-06-02 · Archived: 2026-04-05 21:44:57 UTC\r\nFoxconn electronics manufacturer has confirmed that one of its Mexico-based production plants has been impacted by a\r\nransomware attack in late May.\r\nThe company did not provide any info on the group responsible for the attack but operators of the LockBit ransomware gang\r\nclaimed responsibility.\r\nFoxconn operates three facilities in Mexico, which produce computers, LCD TVs, mobile devices, and set-top boxes,\r\nformerly used by Sony, Motorola, and Cisco Systems.\r\nhttps://www.bleepingcomputer.com/news/security/foxconn-confirms-ransomware-attack-disrupted-production-in-mexico/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/foxconn-confirms-ransomware-attack-disrupted-production-in-mexico/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nThe attacked Foxconn factory is located in Tijuana, Mexico, and is considered a strategic facility that acts a critical supply\r\nhub for the U.S. state of California, a significant electronics consumer.\r\nIn a statement to BleepingComputer, Foxconn has assured that the impact on its overall operations will be minimal, and the\r\nrecovery will unfold according to a pre-determined plan. A company spokesperson provided the following comment:\r\n\"It is confirmed that one of our factories in Mexico experienced a ransomware cyberattack in late May. The company's\r\ncybersecurity team has been carrying out the recovery plan accordingly.\r\nThe factory is gradually returning to normal. The disruption caused to business operations will be handled through\r\nproduction capacity adjustment. The cybersecurity attack is estimated to have little impact on the Group's overall operations.\r\nRelevant information about the incident is also provided instantly to our management, clients, and suppliers.\" - Foxconn\r\nLockBit strikes\r\nLockBit ransomware operation claimed the attack on May 31 by publishing a threat to leak data stolen from Foxconn unless\r\na ransom is paid by June 11.\r\nLockBit claiming Foxconn as victim (KELA)\r\nThis means that negotiations may not be completely over and the cybercriminals still hope to come to an agreement with the\r\ncompany. LockBit's demands remain unknown at the moment but they are likely to be quite large, given that the gang\r\ntypically targets successful companies that can pay larger ransoms.\r\nThe attacker has not given any hint about the data they hold but they usually look to exfiltrate valuable information that\r\ncould be used as leverage for the victim to pay.\r\nSince Foxconn produces various consumer electronic products for many brands, LockBit might hold valuable schematics\r\nand technical drawings that constitute intellectual property shared under non-disclosure agreements.\r\nhttps://www.bleepingcomputer.com/news/security/foxconn-confirms-ransomware-attack-disrupted-production-in-mexico/\r\nPage 3 of 4\n\nFoxconn's factory in Tijuana is the second one hit by a ransomware attack in less than two years. In December 2020, the\r\nDoppelPaymer ransomware group announced that it hit the company's CTBG MX facility in Ciudad Juárez.\r\nThe attackers asked for a $34 million ransom and claimed to have stolen 100GB of data, encrypted between 1,200 and 1,400\r\nservers and destroyed 20 to 30TB of backup data.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/foxconn-confirms-ransomware-attack-disrupted-production-in-mexico/\r\nhttps://www.bleepingcomputer.com/news/security/foxconn-confirms-ransomware-attack-disrupted-production-in-mexico/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/foxconn-confirms-ransomware-attack-disrupted-production-in-mexico/"
	],
	"report_names": [
		"foxconn-confirms-ransomware-attack-disrupted-production-in-mexico"
	],
	"threat_actors": [],
	"ts_created_at": 1775434497,
	"ts_updated_at": 1775826705,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3c29058c267bbea0935141640075bc12d6e67d07.pdf",
		"text": "https://archive.orkl.eu/3c29058c267bbea0935141640075bc12d6e67d07.txt",
		"img": "https://archive.orkl.eu/3c29058c267bbea0935141640075bc12d6e67d07.jpg"
	}
}