Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label ADATA. Show all posts

ADATA: RansomHouse Cyberattack Result of a Leak of 2021 Data


Taiwanese chip manufacturer ADATA denies all allegations of a RansomHouse cyberattack. This is following the announcement that threat actors began posting stolen data on a leak website belonging to the data leak group. 

Earlier this week, the RansomHouse gang added ADATA files to their data leak site. In this leak, they claimed they had taken 1TB worth of documents during a cyberattack in the year 2022. To demonstrate how much information the gang had staked, the threat actors posted samples of supposed stolen files that appear to be from ADATA. 

"Based on several technical methods of checking, we believe what Ransomhouse alleged was fake data and that it was stolen by Ragnar Locker in 2021, which is all confirmed by ADATA's spokesperson," said BleepingComputer in an email. 

ADATA implemented effective methods to provide strong security following the Ragnar Locker attack in 2021. Since then, no attack on ADATA has been successful, and no confidential information about ADATA was leaked. 

It can be stated that based on the comparison of the timestamps for the data shared by RansomHouse and the data that Ragnar Locker leaked in June 2021, both sets of stolen data had similar timestamps, which meant that both files were no older than May 2021 when compared to the timestamps for the data shared by RansomHouse. 

The company added that RansomHouse left no ransom notes on their servers that would demonstrate that an attack had been conducted against their servers. Ransom House maintains that they have taken advantage of ADATA recently through a data theft attack and that they have negotiated with the company regarding the stolen data. 

RansomHouse - who are they? 


After the release of SLGA's files in 2021, RansomHouse's extortion operation ended when it leaked the passwords of its first victim, the Saskatchewan Liquor and Gaming Authority (SLGA). Although the threat actors claim that they don't use any ransomware in their attacks, the White Rabbit ransom notes link the encryption attacks to Ransom House. 

This is a key part of the Ransom House attack. In the latest attack, RansomHouse appears to have claimed responsibility for attacks on eight Italian municipalities. A ransomware attack occurred as a result of this incident and the encryption of files with a .mario extension was appended and a ransom note leaving a greeting of, "Buongiorno to my lovely Italy" appeared on affected computers. 

The RansomHouse operation has also targeted other high-profile companies, such as AMD and Shoprite Holdings, one of Africa's largest supermarket chains, as well as large governments.

Chip Maker ADATA Attacked by Ragnar Locker Ransomware Group

 

ADATA, a Taiwan-based leading memory and storage manufacturer, was forced to take its systems offline after a ransomware attack crippled its network in late May. 

ADATA is known for manufacturing superior DRAM memory modules, NAND nonvolatile storage cards, mobile accessories, gaming products, diversion products, wattage trains, and industrial solutions.

ADATA admitted in an email to Bleeping Computer that it was hit by a ransomware attack on May 23, 2021, and responded by shutting down the impacted systems and notifying all relevant international authorities of the ransomware attack. However, the firm claims that its business operations are no longer disrupted and that it is busy restoring the affected devices. 

ADATA didn’t offer info on the ransomware operation behind the incident or any ransom demands. However, Bleeping Computer says that the Ragnar Locker ransomware gang has already taken the responsibility for the ADATA attack. In fact, Ragnar Locker says that they have allegedly taken one 1.5TB of sensitive information from ADATA’s computers before deploying the ransomware. 

So far, the ransomware gang has posted screenshots of the stolen files in order to prove their claims. However, they’re threatening to leak the rest of the data if the memory manufacturer does not pay the ransom. Chip manufacturers have become a lucrative target for ransomware operators, who can use the threat of downtime, which can prove to be a lot more costly in these turbulent times than the ransom, as another bargaining chip.

Security researchers discovered the Ragnar Locker ransomware in late December 2019. The gang operates by targeting enterprise endpoints and terminating remote management computer code (such as ConnectWise and Kaseya) installed by managed service suppliers (MSPs) to manage clients’ systems remotely.

In November 2020, the FBI said that Ragnar Locker Ransomware targeted "cloud service providers, communication, construction, travel, and enterprise software companies." The attack on ADATA is significant also because of its timing, as it comes in the midst of the ongoing chip shortage. With manufacturers struggling to keep pace with the demands, any downtime could further delay the industry's recovery. 

ADATA stated to BleepingComputer that it is "determined to devote ourselves making the system protected than ever, and yes, this will be our endless practice while the company is moving forward to its future growth and achievements."