AMD claims potential attack from RansomHouse gang


Semiconductor giant AMD is investigating a probable cyberattack by a group that claims it has stolen 450 gigabytes of data from the company, allegedly due to lax password controls.

RansomHouse, which is considered a relatively new data extortion gang, asserts on its dark website that it got hold of the files via an intrusion into AMD’s system on 5 January 2022.

The gang says it doesn’t breach security systems per se, but does find ways into networks and then acts as a sort of ransomware “mediator” between attackers and victims, according to published reports.

In an interview with CRN US, Brett Callow, a ransomware expert and a threat analyst at Emsisoft, said those at RansomHouse want to portray their operation as merely a platform provider for “members” who use their own ransomware tools, including the notorious White Rabbit.

But he said such claims are “probably BS.”

“In reality, they’re very probably the people behind WhiteRabbit,” said Callow. “They’re criminal extortionists.”

Reviewing their claims about AMD, Callow said he couldn’t say one way or the other whether the cyber-miscreants have swiped actual data from AMD.

But he said their claims “have some credibility.”

Contacted by CRN US, AMD would only issue a statement that reads: “AMD is aware of a bad actor claiming to be in possession of stolen data from AMD. An investigation is currently underway.”

According to a screenshot of RansomHouse’s dark-web message about the incident, the hackers portray themselves as sort of righteous promoters of secure networks – and punishers of those who fail to adequately secure their networks.

In AMD’s case, RansomHouse, which apparently had been teasing on Telegram for weeks about a high-profile hack announcement to come, mocks the simplicity of some of the passwords used by AMD employees within the company network, such as “password” and “P@sswoOrd” and “123456.”

“It’s a shame those are real passwords used by AMD employees, but a big shame to AMD Security Department which gets significant financing according to the documents we got (our) hands on – all thanks to these passwords,” said the message in the screenshot, provided to CRN by Callow.

It then mocks corporate people who talk about sophisticated technologies and security measures. “But it seems those are still just beautiful words when even tech giants like AMD use simple passwords,” RansomHouse writes.

BleepingComputer.com reported that it got hold of folks at the cyber-gang and that they said they didn’t directly contact AMD with a ransom demand because it was more lucrative to just sell the data to others.

“No, we haven’t reached out to AMD as our partners consider it to be a waste of time: it will be more worth it to sell the data rather than wait for AMD representatives to react with a lot of bureaucracy involved,” said a RansomHouse representative, according to BleepingComputer.

RansomHouse also reportedly said it had actually obtained access to AMD’s network about a year ago, though its website says the material was swiped in January.

Pictured above: A screenshot of RansomHouse’s dark website showcasing alleged pilfered AMD data and a boastful message from the cyber-gang, courtesy of Emsisoft’s Brett Callow.

This article originally appeared at crn.com

Copyright © 2018 The Channel Company, LLC. All rights reserved.