Last December, electronics manufacturer Foxconn in Mexico was struck with a ransomware attack from the DoppelPaymer gang, which infected over 1,000 servers. Attackers demanded a a 1804.0955 BTC bitcoin ransom (approximately $34 million).

Julian Lee recently spoke to two security experts on the subject.

Gustavo Palazolo, Security Researcher, Appgate

Our team had access to Doppel ransomwares’ website on the deep web, where they publish their victims stolen data, and we could confirm that they have published data about Foxconn Technology Group. By looking at the list of organizations\targets from this and other threat groups behind large ransomware operations, we found a very diverse list of targets, so we have the impression that the threat actors are trying to make money no matter the type or size of the organization. Most of these groups work in the RaaS (Ransomware-as-a-Service) model, which will continue to increase the list of companies compromised. A great example is Egregor, when our team first analyzed this threat, there was only 6 companies in their “wall of shame” website. At this time, there are more than 150 companies that are not necessarily related by industry.

Eldon Sprickerhoff, Founder and Chief Innovation Officer, eSentire

Manufacturers are a specifically attractive target; especially if they’re able to disrupt operations.  Manufacturers can tell you what the impact is (from an hourly perspective) when they’re down.

They state that they were hit on Thanksgiving weekend: attackers these days have a tendency to “lay low” and establish broad connectivity, get embedded into the backup cycle, gather information to exfiltrate, and then on a weekend (or a long weekend) initiate broad ransomware attacks.

The ransom itself seems rather large (34m); there comes a point where the company itself might prefer to just “bite the bullet” and start to rebuild from greenfield.  This could help to retire any “tech debt” they might have had before.