Hsinchu, Taiwan – December 11, 2020 – Many major media reported that Foxconn electronics giant suffered a ransomware attack at a Mexican facility over the Thanksgiving weekend, where attackers stole unencrypted files before encrypting devices. The malware used in this attack is reported as DoppelPaymer ransomware.

For those people who did not know Foxconn yet, the Foxconn is the one of the largest OEM companies in the world. It has over 800,000 employees and received $172 billion revenue in 2019. Their customers are Acer, Amazon, Apple, Cisco, Dell, Intel, Microsoft, Sharp and other big brands companies.

Since Foxconn is a large company, attackers request $34 million ransom via DoppelPaymer ransomware. The following is the partial ransom note which is kindly shared by Sources in the cybersecurity industry. In this ransom note, there is a link to Foxconn’s victim page on DoppelPaymer’s Tor payment site where they are requesting a 1804.0955 BTC ransom. These BTC coins are roughly equal to $34,686,000 at today’s bitcoin prices.

The first issue is the DoppelPaymer ransomware. Actually the first virus signature of DoppelPaymer is added into the Cloud based Anti-Virus service since November 2, 2019. Of course, Lionic keep collecting virus samples from many sources and DoppelPaymer has some variants. In November 29, 2020, more virus signatures of DoppelPaymer variants are added. From the information exchange among partners, we are highly confident that almost all virus instances of DoppelPaymer are collected. Also, their virus signatures are extracted and added into Cloud based Anti-Virus service. Therefore, the products which used Lionic technology are able to detect and destroy known DoppelPaymer ransomware and its variants.

The second issue is why Foxconn is attacked since it must have adopted several big brand next generation firewalls at WAN gateway. We think Foxconn is targeted and the APT (Advanced Persistent Threat) technique is used by cyber-criminals. They somehow bypass the gateway and inject malware into LAN. Since Lionic has ability to detect DoppelPaymer, Foxconn can minimize this disaster if they deploy many Pico-UTM in many important joints of its LAN. If deployed, Pico-UTM will act as malware filter which filtered out all known malware including DoppelPaymer in those joints. The infected area will be minimized. The more joint adopts Pico-UTM, the safer Foxconn will be.

Lionic Pico-UTM 100 is a cost-effective but superior network security product. Its functions are similar to malware filter. Nowadays, putting a big firewall at WAN gateway only is not enough. You must deploy many malware filters at suitable joints of LAN for more protection. And the Pico-UTM is the best choice.

 

 

  About Lionic Corporation

Lionic Corporation is a worldwide provider of innovative Deep Packet Inspection solutions. The technologies of Lionic include the complete DPI-based software engine and related management software which offer the Security Solutions that addresses anti-virus, anti-intrusion, anti-webthreat; and the Content Management Solutions that addresses application identification, device identification, application based QoS, web content filtering, parental control.

Lionic’s security and content management solutions, cloud-based scan services and signature subscription service are widely deployed in the world already. They help service providers, network appliance manufacturers, semiconductor companies, etc. to enable the next generation of business routers, residential gateways, SD WAN edges and cloud gateways, advanced firewalls, UTMs, Smart NICs and mobile devices. Those products powered by Lionic provide better network management and protect the world’s networks from an ever increasing level of security threats.