Hackers steal 300,000 files from Mexican supplier of Apple and Google

Imagine arriving at the office one day only to discover that you can’t access your documents, contracts, or administrative systems. Your operations are halted—and worse—a cybercriminal group announces it has stolen hundreds of thousands of sensitive company files. That was the reality for Manesa, a major Mexican auto parts and metalworking company that exports to major brands such as Apple, Google, General Motors, Ford, BMW, Chrysler, Audi, Philips, and Osram.

The attack was attributed to the ransomware group INC Ransom, one of the world’s most active. On its dark web portal, the group claimed to have exfiltrated over 315,000 files, nearly 90 GB of critical data, including contracts, international client records, employee files, and financial information. They gave the company three days to pay the ransom before leaking everything.

What’s at Stake in an Attack Like This?

Ransomware isn’t just about encrypted documents. The consequences go much further:

1. Paralyzed operations – Inability to access logistics and administrative data can halt exports entirely.

2. Fraud risk – Leaked financial and customer data can lead to identity theft and fraudulent transactions.

3. International exposure – Global brands like Apple and Google may be indirectly affected, amplifying reputational damage.

4. Loss of trust – Clients and partners may reconsider their relationships if they perceive a lack of cybersecurity control.

In Manesa’s case, the most alarming part was the exposure of recent operational information. Among the files the hackers leaked as a “proof of life” were internal minutes from January 2025, accident metrics, production plans, customs data, accounts receivable, and legal records. In other words, this wasn’t old data—it was current and active.

The attack could affect administrative operations and open up risks of fraud and massive leakage of confidential information. (Source: Ignacio Gómez Villaseñor)

Who Is Manesa and Why Does This Matter?

Manesa (Manufacturas Estampadas S.A. de C.V.) is a Mexican company founded in 1988 in Chihuahua. It currently operates three industrial plants with around 450 employees and annual sales of over $64 million USD. Its specialty lies in metal stamping, die-making, painting, and industrial welding—critical activities for both the automotive and tech industries.

That such a strategic player was compromised is no small matter. Manesa is embedded in global supply chains, exporting components that end up in consumer electronics and vehicles worldwide. The attack not only affects Manesa but could also ripple through its clients and suppliers across multiple countries.

Read more: Google Hit by Data Breach Following Salesforce Attacks

INC Ransom: A Known Threat Actor

INC Ransom emerged in 2023 and quickly became one of the most aggressive cybercrime groups. According to international cybersecurity firms:

1. In July 2025, they were responsible for 14% of all ransomware attacks worldwide.

2. In that month alone, they affected over 50 organizations across various industries.

3. Their method? Double extortion—stealing data, encrypting systems, demanding ransom, and leaking the data if the victim refuses to pay.

Manesa’s appearance on their victim list doesn’t surprise analysts—but it highlights a broader truth: even companies working with top-tier global clients are vulnerable without robust cybersecurity strategies.

The company has 450 employees and annual sales of more than 64 million dollars. (Source: INC Ransom)

Why Do Companies Become Easy Targets?

Several common weaknesses lead to ransomware compromises:

1. Outdated systems – Legacy software and hardware that no longer receive security patches.

2. Lack of incident response plans – Without a clear protocol, reaction is slow and chaotic.

3. Social engineering – A well-crafted phishing email can be enough to let attackers in.

4. Vulnerable supply chains – Hackers often go after smaller, less-defended providers.

5. Underestimating the threat – Believing “it won’t happen to us” is a costly mistake.

Also of interest: Vulnerability in macOS Sploitlight Leaks Apple Intelligence Data

The Ransom Dilemma: To Pay or Not to Pay?

The criminals gave Manesa three days to respond, but it’s unclear whether the company negotiated. This reflects the difficult choice ransomware victims face:

1. Paying offers no guarantees—decryption tools may not work or attackers may extort again.

2. Not paying means the data is leaked, exposing customers, employees, and partners.

Authorities and cybersecurity experts—including TecnetOne—strongly advise against paying. Ransoms only finance further attacks. The best strategy is prevention and having a solid contingency plan.

INC Ransom is one of the most active ransomware groups, with global attacks on critical sectors since 2023. (Source: Ransomware Live)

Lessons from the Manesa Attack

Despite its severity, this incident holds lessons for any company—regardless of size or sector:

1. Cybersecurity is not optional – If your business handles sensitive data or works with global clients, you’re a target.

2. Backups are vital – Immutable and secure backups can mean the difference between swift recovery and weeks of paralysis.

3. Training matters – Your employees are the first line of defense. Educate them to spot suspicious emails or behavior.

4. Early detection saves – Threat monitoring and detection tools can identify intrusions before damage escalates.

5. Rapid response is critical – Every minute counts. A clear plan and a specialized incident response team can limit damage and speed up recovery.

How TecnetOne Supports You in a Crisis

At TecnetOne, we know that a ransomware attack affects more than just systems—it impacts operations, finances, and reputation. That’s why we offer:

1. Tailored prevention plans – Custom cybersecurity strategies based on your industry and risk level.

2. Dark web monitoring – Immediate alerts if your data or credentials are leaked.

3. 24/7 incident response – Our team mobilizes in under an hour to contain, investigate, and recover.

4. Legal and compliance guidance – We help with breach notifications and damage control.

5. Ongoing training – We prepare your team to become an active part of your defense.

Conclusion

The Manesa case is a clear warning: no one is safe from ransomware. In globally interconnected supply chains, one breach can cause a domino effect across industries.

The question is no longer if your company will be targeted, but when. At TecnetOne, we help ensure your answer is clear: You’ll be ready to resist, respond, and recover—without giving in to blackmail.