[BreachExchange] Second largest laptop ODM Compal hit with ransomware attack

Destry Winant destry at riskbasedsecurity.com
Fri Nov 13 10:32:46 EST 2020


https://www.techspot.com/news/87545-second-largest-laptop-odm-compal-hit-ransomware-attack.html

In a nutshell: Hackers are demanding $17 million from Taiwan-based
Compal Electronics. Over the weekend, attackers allegedly hit the
laptop design firm with DoppelPaymer ransomware. The company denied
initial news accounts, saying it was just a glitch, but a recovered
ransom note seems to prove the reports were accurate.

Taiwan news outlets reported that original design manufacturer (ODM)
Compal Electronics suffered a ransomware attack on Sunday. Compal is
the second-largest laptop designer in the world. Some of the firm's
clients include Apple, HP, Dell, Lenovo, and Acer.

Compal's deputy managing director Lu Qingxiong denied the reports on
Monday, saying it was just a glitch in its office systems. Taiwan news
outlet UDN noted:

"Lu Qingxiong said that the main reason was an abnormality in the
office automation system. The company suspected of being invaded by
hackers. It has urgently repaired most of it and is expected to return
to normal today. Lu Qingxiong emphasized that Compal is not being
blackmailed by hackers, as is reported by the outside world, and
everything is currently normal in production."

However, Bleeping Computer claims that it obtained a ransom note from
an unnamed source confirming that attackers did indeed hit Compal with
ransomware. The readme file follows the format used by DoppelPaymer
ransomware.

DoppelPaymer has primarily been used on large enterprise targets. After
obtaining admin credentials, the attackers gain access to a Windows
domain controller and then spread the ransomware to all network
devices.

Digging into the payment site listed in the ransom note revealed that
the hackers were demanding $16,725,500 (1100 bitcoin) for the
decryptor. The demand letter also mentioned that the group would
release unencrypted files to one or more dark websites if the company
did not pay the extortion within 72 hours.

Compal has not responded to Bleeping Computer's evidence of the attack.

