Compal, a Taiwanese electronics company that builds laptops for some of the world’s largest computer brands, suffered a ransomware attack over the weekend.
Responsible for the breach is believed to be the DoppelPaymer ransomware gang, according to a screenshot of the ransom note shared by Compal employees with Yahoo Taiwan reporters.
Employees arriving at work were greeted by a memo from Compal’s IT staff, asking workers to check the status of their workstations and back up important files on systems that were not impacted.
Since Sunday, Compal’s IT staff has been reinstalling encrypted workstations.
Compal exec denies ransomware attack, admits hack
Despite reports in local media, in a statement provided to United News Network reporters on Monday, Compal Deputy Manager Director Qingxiong Lu admitted that the company suffered a security breach but denied that the company’s recent downtime was caused by ransomware.
“[Compal] is not being blackmailed by hackers as it is rumored by the outside world,” the Compal exec told reporters.
Furthermore, Qingxiong said the incident only impacted the company’s internal office network and that Compal production lines, which build laptops for other companies, have not been impacted.
Qingxiong estimated the company would be back to normal later today, on Monday, when staff is expected to finish restoring all the systems that have been impacted by what he described as “abnormalities.”
Compal is today’s second-largest contract laptop manufacturer in the world after Quanta Computer, another Taiwanese company.
In the past, Compal has produced laptops for companies like Apple, Acer, Lenovo, Dell, Toshiba, HP, and Fujitsu. Besides laptops, the company also builds monitors, tablets, smartwatches, smart TVs, and other computer peripherals.
Compal is the third major Taiwanese plant hit by ransomware gangs this year. Taiwan’s state-owned energy company, CPC Corp., was hit by the ColdLocker ransomware in May, while the Taiwanese plant of US smartwatch maker Garmin was hit by the WastedLocker ransomware in July.