ADATA, a Taiwanese memory and storage manufacturer, suffers a massive data leak in the Ragnar Locker Ransomware attack where hackers have published download links for more than 700GB of archived data.
ADATA took down all impacted systems after detecting the attack and notified all appropriate international authorities of the incident to get hold of the attackers.
ADATA Hit by Ragnar Locker Ransomware Attack
ADATA was hit by a ransomware attack on May 23rd, 2021, where the ransomware actor published on their leak site the download links to a new set of ADATA corporate documents, warning interested parties that the links would not survive for long.
It is said that a set of 13 archives, allegedly containing sensitive ADATA files, have been publicly available at a cloud-based storage service, for a while.
The Ragnar Locker leak confirms, ADATA did not pay the ransom and restored the affected systems on their own. The ransomware actor claims to steal 1.5TB of sensitive files before deploying the encryption routine, saying that they took their time in the process because of the poor network defenses.
The report says, two of the leaked archives are quite large, weighing over 100GB, but several of them that could have been easily downloaded are less than 1.1GB large. The largest archive is close to 300GB and its name gives no sign about what it might contain.
Another large archive is 117GB in size and its name is just as nondescript as in the case of the first one (Archive#2).
From the name of the archive mentioned below, Ragnar Locker expected to steal from ADATA documents containing financial information, non-disclosure agreements, among other types of details.
The recently leaked batch of archives is the second one that Ragnar Locker ransomware publishes for ADATA and the previous one consists of four small 7-zip archives that can still be downloaded.
“So then, as usual, we did offer to cooperate to fix the vulnerabilities and to restore their system and of course, avoid any publication regarding this issue, however, they didn’t value much their private information, as well as partners/clients/employees/customers information” – Ragnar Locker.
Followed by the data leak, ADATA’s business operations are no longer disrupted concerning the memory maker, with affected devices being restored and services ultimate normal performance.
“The company successfully suspended the affected systems as soon as the attack was detected, and all following necessary efforts have been made to recover and upgrade the related IT security systems,” says ADATA.