Sensitive ADATA Files Published Online Following a Ragnar Locker Ransomware Attack
The Electronics Maker Decided Not to Pay the Ransom and Restored the Impacted Systems on Its Own.
After Taiwanese memory and storage manufacturer ADATA had to take its systems offline following a Ragnar Locker ransomware attack in May, the ransomware hackers have now made public download links for more than 700GB of archived stolen data.
According to BleepingComputer, a batch of 13 archives, reportedly holding private files belonging to ADATA, have been publicly accessible at a cloud-based storage service.
Last weekend, the ransomware cybercriminals published on their leak website the download links to a new collection of ADATA corporate papers, informing interested parties that the links would not remain there for long.
As Ragnar Locker gang predicted, the cloud-based storage service that was hosting the stolen information responded and closed the hacker’s account, refusing to grant access to any documents they had made public.
As stated by BleepingComputer, two of the published archives are quite large, weighing more than 100GB, but those that could have been effortlessly copied are less than 1.1GB large.
For each file metadata published by the hacker, the largest archive is close to 300GB and it is impossible to know what it might contain based on its name.
Another large one is 117GB in size and its name is just as featureless as the first one (Archive#2).
Based on the archives titles, Ragnar Locker probably stole official papers that contain banking information, non-disclosure agreements, and others belonging to the Taiwan-based company.
ADATA was hit by with ransomware cyberattack that occurred on May 23rd, which led to the takedown of impacted systems offline for the containment of the virus.
Although the systems are now restored and started to function normally, the Ragnar Locker ransomware gang claims to steal 1.5TB of data before deploying the encryption procedure, stating that the weak network security gave them the time they needed for their operation.
So then, as usual, we did offer to cooperate to fix the vulnerabilities and to restore their system and of course, avoid any publication regarding this issue, however, they didn’t value much their own private information, as well as partners/clients/employees/customers information.
As the Ragnar Locker leak clearly shows, ADATA did not pay the ransom and restored the affected systems on its own.
The recently published set of archives is not the first one that Ragnar Locker ransomware leaks for the Taiwanese memory and storage manufacturer ADATA.
The previous one was published earlier this month and includes four small 7-zip archives (less than 250MB together) that can be downloaded even at this moment.