- ‘Rangnar Locker’ appears to have compromised ADATA, as they are now leaking the first samples.
- The ransomware group is holding confidential information and sensitive documents on clients, customers, and partners.
- ADATA hasn’t confirmed any data breaches or security incidents yet, but the leaked files look legit.
The ransomware group that goes by the name ‘Ragnar Locker’ is now leaking samples of data it allegedly stole from ADATA, the Taiwanese RAM, SSD, USB flash, and memory cards manufacturer. The actors claim to be holding 1.5 TB of confidential information that concerns employees, clients, partners, and even customers. The hackers maintain that they offered to “help” ADATA fix their vulnerabilities and restore their systems, but the company allegedly refused to cooperate, so the leaking of the first data sample was the next logical step in the extortion process.
‘Ragnar Locker’ is giving away a GitLab repository as well as contractual agreements, screenshots of accessed filesystems, proprietary files, board schematics, legal documents, non-disclosure agreements, and more. We have blurred some of these files as shown below, but in general, the package looks legit and indeed the result of a data breach onto ADATA’s network.
It has been a while since ‘Ragnar Locker’ claimed a victim that made the news, and the last time we covered an attack from the particular group was in April 2020, when EDP fell victim to the hackers. In that case, a ransom of $10.8 million was requested from Portugal’s largest electric and gas energy supplier. However, by looking into the group’s extortion page, we see clear signs of a toned-down activity, counting a total of only seven victims in 2021.
Considering that the REvil gang demanded $50 million when it compromised Acer, the ransom could be at a similar range now. ADATA is a company that employs 1,400 people, has an annual operating income of almost three billion USD, so they constitute a lucrative target for ransomware actors in general.