The prevalence of ransomware assaults is rising year-over-year at a fast tempo, with 2021 marking a doubling within the variety of reported assaults over 2020. As ransomware assaults have develop into a outstanding and profitable type of cyberattack, a market has developed for cybercriminals to purchase and promote ransomware. Some of those criminals provide ransomware-as-a-service (RaaS), offering the infrastructure and malware required to hold out a ransomware assault. Last month, we highlighted a specific malware service that exhibits simply how straightforward it’s to get began with ransomware utilizing a Telegram bot that builds malware packages custom-tailored to customers’ wants.
RaaS isn’t only a proof of idea, however a felony enterprise mannequin working in the actual world. LockBit, a Russian-based RaaS supplier that splits ransom income with its clients, has claimed duty for a current ransomware assault on a Foxconn manufacturing plant. Foxconn is an electronics producer headquartered in Taiwan whose clients embrace Apple, Nintendo, Google, and Microsoft. The firm operates in various international locations, together with China, Mexico, and the United States, and accomplished a deal simply final month to buy a former GM plant in Ohio.
On May 31, a ransomware assault struck a Foxconn manufacturing plant situated in Tijuana, Mexico, disrupting enterprise operations. While Foxconn has not attributed the assault to any specific risk actor, the group behind the LockBit ransomware service claims to have carried out the assault. The ransomware gang has not solely encrypted recordsdata on Foxconn techniques, but additionally stolen copies of the recordsdata for itself. The group threatens to launch the recordsdata on the web if Foxconn doesn’t pay a ransom by June 11, although neither LockBit nor Foxconn have indicated what recordsdata have been stolen.
Foxconn addressed the ransomware assault within the following assertion to BleepingComputer: “It is confirmed that one of our factories in Mexico experienced a ransomware cyberattack in late May. The company’s cybersecurity team has been carrying out the recovery plan accordingly. The factory is gradually returning to normal. The disruption caused to business operations will be handled through production capacity adjustment. The cybersecurity attack is estimated to have little impact on the Group’s overall operations. Relevant information about the incident is also provided instantly to our management, clients, and suppliers.”