‘Ragnar Locker’ Is Leaking Out Confidential Information Belonging to ADATA

By Bill Toulas / June 10, 2021

The ransomware group that goes by the name ‘Ragnar Locker’ is now leaking samples of data it allegedly stole from ADATA, the Taiwanese RAM, SSD, USB flash, and memory cards manufacturer. The actors claim to be holding 1.5 TB of confidential information that concerns employees, clients, partners, and even customers. The hackers maintain that they offered to “help” ADATA fix their vulnerabilities and restore their systems, but the company allegedly refused to cooperate, so the leaking of the first data sample was the next logical step in the extortion process.

‘Ragnar Locker’ is giving away a GitLab repository as well as contractual agreements, screenshots of accessed filesystems, proprietary files, board schematics, legal documents, non-disclosure agreements, and more. We have blurred some of these files as shown below, but in general, the package looks legit and indeed the result of a data breach onto ADATA’s network.


It has been a while since ‘Ragnar Locker’ claimed a victim that made the news, and the last time we covered an attack from the particular group was in April 2020, when EDP fell victim to the hackers. In that case, a ransom of $10.8 million was requested from Portugal’s largest electric and gas energy supplier. However, by looking into the group’s extortion page, we see clear signs of a toned-down activity, counting a total of only seven victims in 2021.


Considering that the REvil gang demanded $50 million when it compromised Acer, the ransom could be at a similar range now. ADATA is a company that employs 1,400 people, has an annual operating income of almost three billion USD, so they constitute a lucrative target for ransomware actors in general.

UPDATE 08 June 2021

An ADATA spokesperson has shared the following statement with TechNadu:

ADATA was hit by a ransomware attack on May 23rd, 2021. The company successfully suspended the affected systems as soon as the attack was detected, and all following necessary efforts have been made to recover and upgrade the related IT security systems.
Gladly things are being moved toward the normal track, and business operations are not disrupted for corresponding contingency practices are effective.
ADATA has reported this cyberattack to the international authorities to track down culprits and prevent from future hacking. We are determined to devote ourselves to making the system protected than ever, and yes, this will be our endless practice while the company is moving forward to its future growth and achievements.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari