AMD has allegedly fallen victim to a data breach, with the attackers extracting gigabytes of data from the company. Now, the attackers are using a mediator to try and sell that data back.
According to a Tom’s Hardware report, the mediator is a group called RansomHouse, a relatively new threat actor that claims it does not attack companies with ransomware itself, but rather serves as the middleman in the negotiations.
The group says it has “more than 450Gb” of AMD data, including "network files, system information, as well as passwords", after a breach that took place in January. It is unclear whether the statement is meant to read 450 gigabytes (GB) or gigabits (Gb); if the latter, the group is claiming to hold roughly 56GB of AMD data.
RansomHouse also says AMD employees’ security practices were abysmal, with staff using simple credentials like “password” to safeguard their digital premises, which suggests that malware did not play a role in the breach.
AMD says it’s aware of the situation and that an investigation is underway. TechRadar Pro has reached out to the company for further clarification and will update this piece with any further information.
So far, the authenticity of the stolen files has not been confirmed. What we do know is that AMD has not paid any ransom fee, as RansomHouse’s website lists AMD under companies that “have either considered their financial gain to be above the interests of their partners/individuals who have entrusted their data to them or have chosen to conceal the fact they have been compromised.”
RansomHouse has been around for roughly half a year, and claims to have extorted Saskatchewan Liquor and Gaming Authority (SLGA) and ShopRite.