Foxconn: Mexico factory operations 'gradually returning to normal' after ransomware attack

Tech manufacturing giant Foxconn said its factory in Mexico is slowly returning to normal after a ransomware attack crippled the facility in May. 

The LockBit ransomware group claimed to have attacked the company’s offices in Tijuana last month. They threatened to leak the data stolen during the attack by June 11. 

A spokesperson from the Taiwanese company confirmed the attack. 

“The company's cybersecurity team has been carrying out the recovery plan accordingly. The factory is gradually returning to normal,” the spokesperson said. 

“The disruption caused to business operations will be handled through production capacity adjustment. The cybersecurity attack is estimated to have little impact on the Group’s overall operations. Relevant information about the incident is also provided instantly to our management, clients, and suppliers.”

Foxconn – one of the largest employers on the planet – produces hardware for most of the world’s biggest tech companies including Apple, Sony, Google and more. The Tijuana plants produce much of the company’s stock headed for U.S. markets. 

The company’s Mexico operations were previously hit with a ransomware attack in 2020 by the DoppelPaymer gang, which demanded a $34 million ransom at the time, according to BleepingComputer.

The DoppelPaymer attack hit the company’s facilities in Ciudad Juárez, Chihuahua and involved the infection of about 1,200 servers. The group stole about 100 GB of files. Foxconn did not pay the exorbitant ransom and some of the data was leaked on the dark web. 


The LockBit ransomware group has attacked several high-profile victims in recent weeks, including the office of the Secretary of State for Finance of Rio de Janeiro and Canadian fighter jet supplier Top Aces. The group also made waves with an attack on a popular German library service.

LockBit continues to be one of the most prolific active ransomware groups, with hundreds of attacks over the last year. They have attacked at least 650 organizations so far this year, according to data collected by Recorded Future. 

The group has been operating since September 2019 and was a marginal player before developing a new version of their Ransomware-as-a-Service platform, called LockBit 2.0.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.