Cyber Incident Victim: Compal Electronics
Date: Nov 2020
Location: Taiwan
Summary
Compal Electronics suffered a ransomware attack by the DoppelPaymer gang, which demanded 1,100 Bitcoins (approximately $16.7 million) for decryption keys. The intrusion was detected on a Sunday morning, disrupting operations by compromising over a quarter of the company's computers, though manufacturing systems remained unaffected. Employees arriving the following workday were instructed to back up files amid the outbreak. The incident aligns with broader trends of ransomware targeting large organizations, including prior attacks by the same group on healthcare facilities and other enterprises.
Description
The ransomware attack on Compal Electronics was discovered on the morning of November 8, 2020, when systems across the Taiwanese laptop manufacturer's infrastructure became compromised. The DoppelPaymer ransomware gang encrypted files on more than 25% of the company's computers, significantly disrupting internal operations. Attackers left ransom notes demanding payment of 1,100 Bitcoin (approximately $16.7 million at the time) in exchange for decryption keys. Compal employees arriving for work on Monday, November 9 were notified of the incident and instructed to back up their files, indicating ongoing recovery efforts. Initial reports confirmed that manufacturing systems remained unaffected by the encryption, preventing direct production line interruptions. Taiwanese media outlets obtained and published details of the ransom demand before Compal issued any official public statement about the breach.

This incident occurred amid heightened global ransomware activity by the DoppelPaymer group, which had previously targeted German IT firm Software AG in October 2020 and compromised a German hospital in September. The hospital attack resulted in critical system failures that forced patient diversions, including one fatality when emergency care was delayed. Healthcare institutions in the United States and United Kingdom were simultaneously combating Ryuk ransomware campaigns during this period. Compal's infection represented one of the largest known ransomware demands against a manufacturing firm at that time, though the company did not publicly disclose whether it negotiated with attackers or paid any ransom. According to available reports, the operational impact was confined to administrative and non-production systems, and initial disclosures mentioned no evidence of data exfiltration.
