Ransomware

Computer Storage Chip Maker ADATA Suffers 700 GB Data Leak In Ragnar Locker Ransomware Attack

ADATA, a Taiwanese memory and storage manufacturer, suffers a massive data leak in the Ragnar Locker Ransomware attack where hackers have published download links for more than 700GB of archived data.

ADATA took down all impacted systems after detecting the attack and notified all appropriate international authorities of the incident to get hold of the attackers.

ADATA Hit by Ragnar Locker Ransomware Attack

ADATA was hit by a ransomware attack on May 23rd, 2021, where the ransomware actor published on their leak site the download links to a new set of ADATA corporate documents, warning interested parties that the links would not survive for long.

It is said that a set of 13 archives, allegedly containing sensitive ADATA files, have been publicly available at a cloud-based storage service, for a while.

The Ragnar Locker leak confirms, ADATA did not pay the ransom and restored the affected systems on their own. The ransomware actor claims to steal 1.5TB of sensitive files before deploying the encryption routine, saying that they took their time in the process because of the poor network defenses.

The report says, two of the leaked archives are quite large, weighing over 100GB, but several of them that could have been easily downloaded are less than 1.1GB large. The largest archive is close to 300GB and its name gives no sign about what it might contain.

Another large archive is 117GB in size and its name is just as nondescript as in the case of the first one (Archive#2).

From the name of the archive mentioned below, Ragnar Locker expected to steal from ADATA documents containing financial information, non-disclosure agreements, among other types of details.

Data leak

The recently leaked batch of archives is the second one that Ragnar Locker ransomware publishes for ADATA and the previous one consists of four small 7-zip archives that can still be downloaded.

“So then, as usual, we did offer to cooperate to fix the vulnerabilities and to restore their system and of course, avoid any publication regarding this issue, however, they didn’t value much their private information, as well as partners/clients/employees/customers information” – Ragnar Locker.

Followed by the data leak, ADATA’s business operations are no longer disrupted concerning the memory maker, with affected devices being restored and services ultimate normal performance.

“The company successfully suspended the affected systems as soon as the attack was detected, and all following necessary efforts have been made to recover and upgrade the related IT security systems,” says ADATA.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

REF7707 Hackers Attacking Windows & Linux Machines Using FINALDRAFT Malware

A sophisticated hacking campaign has been unveiled recently by Elastic Security Labs, dubbed "REF7707," which…

34 minutes ago

New Device Code Phishing Attack Exploit Device Code Authentication To Capture Authentication Tokens

A sophisticated phishing campaign, identified by Microsoft Threat Intelligence, has been exploiting a technique known…

2 hours ago

RedMike Hackers Exploited 1000+ Cisco Devices to Gain Admin Access

Researchers observed a sophisticated cyber-espionage campaign led by the Chinese state-sponsored group known as "Salt…

4 hours ago

AMD Ryzen DLL Hijacking Vulnerability Let Attackers Execute Arbitrary Code

A high-severity security vulnerability, identified as CVE-2024-21966, has been discovered in the AMD Ryzen™ Master…

4 hours ago

PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution

Researchers have uncovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting PostgreSQL’s interactive terminal tool, psql. …

5 hours ago

WinZip Vulnerability Let Remote Attackers Execute Arbitrary Code

A newly disclosed high-severity vulnerability in WinZip, tracked as CVE-2025-1240, enables remote attackers to execute…

9 hours ago