ADATA ransomware attack saw 700GB of data stolen

(Image credit: Kingston)

After the Taiwanese memory and storage manufacturer ADATA decided not to pay a ransom, the Ragnar Locker ransomware operators kept their promise and posted more than 700GB of stolen confidential information online.

As reported by Bleeping Computer, Ragnar Locker operators published a set of 13 archives to the MEGA storage service in the last few days. 

The archives were of varying sizes, ranging from 1.1GB, up to 300GB. Given that MEGA took the database offline relatively fast, it wasn’t possible to investigate precisely what the databases held. However, judging by the metadata, Ragnar Locker operators seem to have stolen ADATA documents on finances, various non-disclosure agreements, and other similar files. 

ADATA fell victim to a ransomware attack in late May 2021, resulting in the company needing to take its systems down. Ragnar Locker operators said they stole 1.5TB of sensitive files, adding that the company’s defenses were so poor they were allowed to take their time with the theft. 

This is not the first time the group behind the Ragnar Locker ransomware is posting ADATA’s sensitive data online. They have already posted four zipped archives, 250MB in total, which are still available for download. 

Large ransom payouts

Bleeping Computer claims Ragnar Locker operators usually demand anywhere between $200,000 and $600,000 in ransom. 

However, when it struck the EDP energy company around this time last year, it demanded 1580 bitcoin, or roughly $10 million at the time.

ADATA decided not to pay the ransom, and bring its systems back online through backups. 

The company makes high-performance DRAM memory modules, NAND Flash memory cards, as well as mobile accessories and gaming products. In 2018, it was the second-largest DRAM and SSD maker in the world.

Law enforcement agencies, as well as cybersecurity experts everywhere, are warning organizations not to pay the ransom, but instead, educate their employees on the dangers of phishing. Despite attacks against large enterprises making headlines, they’re hardly the only target. Ransomware operators will try to compromise all companies, from micro-businesses, across SMEs to major enterprises.

Falling victim to a ransomware attack can be devastating to an SME. Not only will it bring its operations to a screeching halt, but could also result in an eroding reputation among customers, and huge fines from national data watchdogs.  

Via: Bleeping Computer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.