{
	"id": "7a4f58be-e26b-45f4-a64d-537d29de6a37",
	"created_at": "2026-04-06T00:18:43.383386Z",
	"updated_at": "2026-04-10T03:22:03.910018Z",
	"deleted_at": null,
	"sha1_hash": "b3f6ccc1644d3ce4393d9efddde1b132abf3fbd4",
	"title": "Foxconn electronics giant hit by ransomware, $34 million ransom",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2903693,
	"plain_text": "Foxconn electronics giant hit by ransomware, $34 million ransom\r\nBy Lawrence Abrams\r\nPublished: 2020-12-07 · Archived: 2026-04-05 13:04:12 UTC\r\nFoxconn electronics giant suffered a ransomware attack at a Mexican facility over the Thanksgiving weekend, where\r\nattackers stole unencrypted files before encrypting devices.\r\nFoxconn is the largest electronics manufacturing company globally, with recorded revenue of $172 billion in 2019 and over\r\n800,000 employees worldwide. Foxconn subsidiaries include Sharp Corporation, Innolux, FIH Mobile, and Belkin.\r\nBleepingComputer has been tracking a rumored Foxconn ransomware attack that occurred over the Thanksgiving weekend.\r\nhttps://www.bleepingcomputer.com/news/security/foxconn-electronics-giant-hit-by-ransomware-34-million-ransom/\r\nPage 1 of 6\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/foxconn-electronics-giant-hit-by-ransomware-34-million-ransom/\r\nPage 2 of 6\n\nVisit Advertiser websiteGO TO PAGE\r\nToday, the DoppelPaymer ransomware published files belonging to Foxconn NA on their ransomware data leak site. The\r\nleaked data includes generic business documents and reports but does not contain any financial information or employee's\r\npersonal details.\r\nDoppelPaymer ransomware data leak site\r\nSources in the cybersecurity industry have confirmed that Foxconn suffered an attack around November 29th, 2020, at their\r\nFoxconn CTBG MX facility located in Ciudad Juárez, Mexico.\r\nThis facility opened in 2005 and is used by Foxconn for assembly and shipping of electronics equipment to all regions in\r\nSouth and North America.\r\n\"Our 682,000 square ft building was established back in 2005, and is located in Ciudad Juárez, Chihuahua, Mexico, just\r\nacross the border from El Paso, Texas. [..] Foxconn CTBG MX is strategically located to support all Americas region,\"\r\nthe Foxconn CTBG MX web page describes the facility. \r\nSince the attack, the facility's web site has been down and currently shows an error to visitors.\r\nhttps://www.bleepingcomputer.com/news/security/foxconn-electronics-giant-hit-by-ransomware-34-million-ransom/\r\nPage 3 of 6\n\nFoxconn CTBG MX facility website\r\nIf you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal\r\nat +16469613731 or on Wire at @lawrenceabrams-bc.\r\nAttackers demand $34 million ransom\r\nSources have also shared the ransom note created on Foxconn servers during the ransomware attack, as can be seen below.\r\nFoxconn ransom note\r\nIncluded in the ransom note is a link to Foxconn's victim page on DoppelPaymer's Tor payment site where the threat actors\r\nare demanding a 1804.0955 BTC ransom, or approximately $34,686,000 at today's bitcoin prices.\r\nhttps://www.bleepingcomputer.com/news/security/foxconn-electronics-giant-hit-by-ransomware-34-million-ransom/\r\nPage 4 of 6\n\nFoxconn victim page on DoppelPaymer's website\r\nIn an interview with DoppelPaymer, the ransomware gang confirmed that they attacked Foxconn's North America facility on\r\nNovember 29th but did not attack the whole company.\r\nAs part of this attack, the threat actors claim to have encrypted about 1,200 servers, stole 100 GB of unencrypted files, and\r\ndeleted 20-30 TB Of backups.\r\n\"We encrypted NA segment, not whole foxconn, it's about 1200-1400 servers, and not focused on workstations. They also\r\nhad about 75TB's of misc backups, what we were able to - we destroyed (approx 20-30TB),\" DoppelPayment told us about\r\nthe attack.\r\nIn a statement to BleepingComputer, Foxconn confirmed the attack and said they are slowly bringing their systems back into\r\nservice.\r\n\"We can confirm that an information system in the US that supports some of our operations in the Americas was the focus of\r\na cybersecurity attack on November 29.  We are working with technical experts and law enforcement agencies to carry out\r\nan investigation to determine the full impact of this illegal action and to identify those responsible and bring them to\r\njustice.\"\r\n\"The system that was affected by this incident is being thoroughly inspected and being brought back into service in phases,\"\r\nFoxconn told BleepingComputer.\r\nOther victims attacked by DoppelPaymer in the past include Compal, PEMEX (Petróleos Mexicanos), the City of\r\nTorrance in California, Newcastle University, Hall County in Georgia, Banijay Group SAS, and Bretagne Télécom.\r\nUpdate 12/8/20: Added statement from Foxconn.\r\nhttps://www.bleepingcomputer.com/news/security/foxconn-electronics-giant-hit-by-ransomware-34-million-ransom/\r\nPage 5 of 6\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/foxconn-electronics-giant-hit-by-ransomware-34-million-ransom/\r\nhttps://www.bleepingcomputer.com/news/security/foxconn-electronics-giant-hit-by-ransomware-34-million-ransom/\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/foxconn-electronics-giant-hit-by-ransomware-34-million-ransom/"
	],
	"report_names": [
		"foxconn-electronics-giant-hit-by-ransomware-34-million-ransom"
	],
	"threat_actors": [],
	"ts_created_at": 1775434723,
	"ts_updated_at": 1775791323,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b3f6ccc1644d3ce4393d9efddde1b132abf3fbd4.pdf",
		"text": "https://archive.orkl.eu/b3f6ccc1644d3ce4393d9efddde1b132abf3fbd4.txt",
		"img": "https://archive.orkl.eu/b3f6ccc1644d3ce4393d9efddde1b132abf3fbd4.jpg"
	}
}