According to a report from Restore Privacy.
The group posted an update on its dark web site claiming to have stolen “more than 450GB” (it’s not clear if they meant gigabytes or gigabits) of data from the chipmaker. RansomHouse says it targets companies with weak security and was able to compromise AMD back in January because of weak passwords used to secure its networks.
“The era of advanced technology, progress and maximum security… these words have so much meaning for the crowd. But it still seems like pretty buzzwords when even tech giants like AMD use simple passwords to protect their networks from intruders,” RansomHouse wrote on its website. “It’s a pity that these are real passwords used by AMD employees, but an even greater shame for the AMD security department, which receives significant funding in accordance with the documents that we got our hands on – and all thanks to these passwords.”
Restore Privacy has reviewed the alleged data leaks and notes that they appear to include “network files, system information, as well as AMD passwords.” Some of the data leaked by RansomHouse and seen by TechCrunch suggests that AMD employees protected sensitive data using simple and common passwords such as “123456” and “password”.
AMD confirmed to Tom’s Hardware that it was aware of a “bad actor” claiming to be in possession of the stolen data and is currently investigating these claims. The company declined to comment on whether it received a ransom demand or whether customer data was involved.
Therefore, we do not yet know if the alleged attack is genuine or if the stolen data came directly from AMD or a third-party partner. Brett Callow, ransomware expert and threat analyst at Emsisoft, told TechCrunch that the breach should be taken seriously.
“Ransomware operators are unreliable, unscrupulous actors, and all their claims should be treated with skepticism,” Callow said. “However, to my knowledge, none of the claims they have made to date have proven to be false.”
Unlike other cybercriminal groups that carry out ransomware attacks, RansomHouse says they are “professional intermediaries” between attackers and victims whose goal is to facilitate payments for stolen data.
A tweet shared by former cybersecurity reporter Catalin Cimpanu shows a message on the group’s website stating that AMD “either considered its financial gain to be above the interests of its partners/individuals who entrusted them with their data, or chose to hide this fact. they have been compromised.” Cimpanu notes that this “may be a failed attack where someone is trying to monetize the stolen data.”
RansomHouse is a relatively new ransomware group that first emerged in December 2021 with a dark web website listing the Saskatchewan Liquor and Gambling Authority (SLGA) as its first victim. It later hacked into ShopRite, Africa’s largest retail chain. RansomHouse lists six victims on its website, including AMD.
Threat researchers at Malwarebytes Labs blogged about RansomHouse earlier this year, noting how the group offers to delete stolen data and provide a full account of which vulnerabilities were exploited and how. This behavior has led some researchers to speculate that the group is made up of frustrated white hats or bounty hunters who punish companies for lax security measures.