Malicious hackers claim to have hacked into the network system of the Foxconn Baja factory in Mexico on June 11. Using the LockBit 2.0 ransomware to conduct the cyber-attack, the hackers threaten to expose stolen files unless the company pays a ransom.
The factory specializes in manufacturing, consumer electronics, medical devices, and industrial operations. Based in Tijuana, Mexico, near the California border, the facility is an electronics manufacturing giant employing 5,000 people.
Unfortunately, this is not the first time the company has experienced such an attack. In December 2020, the DoppelPaymer extortion gang exposed documents allegedly stolen from some of its databases in the United States. The ransomware gang demanded a ransom of over $34 million in bitcoin.
SecurityWeek has attempted to contact the electronics manufacturer but has yet to receive a response. However, unconfirmed reports indicate that the impact of the latest ransomware attack on Foxconn’s operational technology system is still unknown.
How to Recognize a Ransomware Attack
Such attacks have recently become more prevalent, with some companies, such as the Foxconn Baja factory, experiencing repeated ransomware attacks. LockBit 2.0 attackers have also claimed to have acquired files from Bridgestone Americas, a tire and rubber company.
In February, the FBI published indicators of compromise (IoCs) for LockBit 2.0 attacks to address this growing threat, stating that the ransomware's operators often target company networks. The IoCs are intended to help companies recognize a possible ransomware attack in time and to close the vulnerabilities that attackers exploit.
LockBit 2.0 is operated as ransomware-as-a-service (RaaS) and relies on several techniques and protocols, which complicates identification and mitigation. The ransomware's operators gain access to corporate network systems by paying for access or by exploiting unpatched vulnerabilities, zero-day exploits, or insider access.
Once inside a network, the operators escalate privileges using publicly available tools like Mimikatz. They exfiltrate data using off-the-shelf and custom tools, then run the LockBit ransomware to encrypt the victim's files.
The attackers leave a ransom note in the compromised directories telling the victim how to get a decryption tool. They often threaten to leak the stolen data online if the victim fails to pay the ransom demanded.
How to Prevent Ransomware Attacks
Unfortunately, many businesses do not take this issue seriously. Only after a severe ransomware attack has hit them do they devote the necessary time and money to strengthening their cyber security defenses.
Since prevention is better than cure, it is essential not to wait until it's too late to take precautionary measures. Here are 6 preventive measures that companies can adopt to keep hackers at bay.
- Employees should undergo frequent cyber security awareness programs to keep them up to date on the latest cyber risks and how to recognize an attack in its early stages.
- Users' authorization to install or run systems and applications should be restricted. This can limit the malware's ability to spread across a network.
- Antivirus software should be active on all devices and updated regularly, with fixes applied.
- Scan all emails to detect attacks, and conduct regular data backups.
- To reduce the chance of infiltration, use proper security practices such as never following links or downloading files from unknown sources.
- Configure firewalls to prevent rogue IP addresses from gaining access. For added account protection, use strong passwords and activate multi-factor authentication.
Hackers have modified their techniques and now focus their efforts on organizations that offer a significantly better return on investment rather than on individuals, as is evident in the repeated ransomware attacks on the Foxconn factory.
Therefore, all organizations need to be vigilant and reduce the risk of ransomware by strengthening their overall cyber defenses. They can also supplement their current cybersecurity defenses to promptly detect these threats and respond appropriately to avoid being victims.