Jump to content
  • ADATA denies RansomHouse hack, says leaked data is from 2021 attack

    alf9872000

    • 305 views
    • 2 minutes
     Share


    • 305 views
    • 2 minutes

    Taiwanese chip maker ADATA denies claims of a RansomHouse cyberattack after the threat actors began posting stolen files on their data leak site.

     

    The RansomHouse gang added ADATA files to their data leak site on Tuesday, claiming they stole 1TB worth of documents in a 2022 cyberattack.The threat actors also leaked samples of allegedly stolen files, which appear to belong to the company.

     

    However, in a statement to BleepingComputer, ADATA says it had not suffered a recent cyberattack and that the leaked files are from a May 2021 RagnarLocker ransomware attack when 1.5 TB of data was stolen.

     

    "By several technical ways check, we are confident what Ransomhouse claimed are fake and those data has been stolen by Ragnar Locker in 2021," a spokesperson for ADATA told BleepingComputer.

     

    "After the hit by Ragnar Locker in 2021, ADATA retained information security experts and implemented effective methods to set up strong protection.  Since then, no attack to ADATA was successful.  None of confidential information of ADATA was leaked."

     

    Comparing the timestamps on the data shared by RansomHouse with the data leaked by Ragnar Locker in June 2021, both sets of stolen data have similar timestamps, with no file being newer than May 2021.

     

    ransomhouse-adata-leak-page.jpg
    ADATA page on RansomHouse's data leak site - Source: BleepingComputer
     

    ADATA added that RansomHouse had not left any ransom notes on their servers to prove that an attack occurred.

     

    However, RansomHouse continues to claim they breached ADATA recently in a data theft attack and that they had negotiated with the company on the stolen data.

    Who is RansomHouse?

    RansomHouse launched its extortion operation in 2021 when it leaked its first victim, Saskatchewan Liquor and Gaming Authority (SLGA).

     

    The threat actors claim not to use any ransomware in their attacks, but the White Rabbit ransom notes clearly link encryption attacks to Ransom House.

     

    white-rabbit-ransom-note.jpg

    White Rabbit ransom note mentioning Ransom House - Source: BleepingComputer

     

    More recently, RansomHouse claimed an attack on eight municipalities in Italy.

     

    During this attack, ransomware was used that appended the .mario extension to encrypted files and left a ransom note greeting victims with, "Buongiorno la mia bella Italia."

     

    italy-ransom-note.jpg
    RansomHouse ransom note for Italy attacks - Source: MalwareHunterTeam
     

    RansomHouse has targeted other high-profile companies, including AMD and Shoprite Holdings, Africa's largest supermarket chain.

     

    Source

    • Like 2

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...