ADATA Ransomware Attack: A Data Leak from 2021

Overview of the Incident

In October 2022, the ransomware group RansomHouse publicly claimed responsibility for a cyberattack on ADATA, a leading Taiwanese chip manufacturer, and disclosed stolen files on their data leak site. Contrary to these claims, ADATA clarified that the exposed files were associated with a May 2021 RagnarLocker ransomware attack, during which approximately 1.5 TB of data was exfiltrated. The company emphasized that it had not been subjected to a recent cyberattack, highlighting the robust protection measures implemented post the 2021 incident.

About ADATA

ADATA Technology operates within the global manufacturing sector, specializing in the production of memory solutions, including memory cards, USB drives, and solid-state drives (SSDs). The company's official website (https://www.adata.com/us/) features a system upgrades advisor tool, designed to assist users in identifying compatible memory products for their systems.

Details of the 2021 RagnarLocker Ransomware Attack

The RagnarLocker ransomware attack in May 2021 led to a significant data breach, with 700 GB of sensitive data being leaked. This cyberattack compelled ADATA to temporarily shut down its systems. The attackers demanded a ransom in return for a decryption key, a prevalent strategy employed in ransomware campaigns. Ransomware, a malicious software variant, encrypts files on the infected device, making them inaccessible, and often threatens to publish or sell the stolen data unless a ransom is paid.

RansomHouse's Claims and Operations

RansomHouse, which emerged in 2021, has been implicated in several high-profile cyberattacks, targeting entities such as AMD and Shoprite Holdings. Despite claiming not to deploy ransomware in its operations, the group has been associated with encryption-based attacks, notably through the dissemination of White Rabbit ransom notes. This contradiction underscores the evolving tactics of cybercriminal groups and the complexity of attributing cyberattacks definitively.

While ADATA has refuted the occurrence of a recent cyberattack, the situation underscores the persistent risk of ransomware attacks facing businesses. It also highlights the critical importance of implementing and maintaining robust cybersecurity defenses to mitigate the impact of such threats.

Sources

• RagnarLocker Ransomware: https://www.malwarebytes.com/ransomware
• ADATA Official Website: https://www.adata.com/us/
• RansomHouse Targets High-Profile Companies: https://www.securityweek.com/ransomhouse-claims-amd-data-breach