ADATA Suffers 700 GB Data Leak In Ragnar Locker Ransomware Attack

An anonymous reader quotes a report from BleepingComputing: The Ragnar Locker ransomware gang have published download links for more than 700GB of archived data stolen from Taiwanese memory and storage chip maker ADATA. A set of 13 archives, allegedly containing sensitive ADATA files, have been publicly available at a cloud-based storage service, at least for some time. [...] Two of the leaked archives are quite large, weighing over 100GB, but several of them that could have been easily downloaded are less than 1.1GB large. Per the file metadata published by the threat actor, the largest archive is close to 300GB and its name gives no clue about what it might contain. Another large one is 117GB in size and its name is just as nondescript as in the case of the first one (Archive#2). Judging by the names of the archives, Ragnar Locker likely stole from ADATA documents containing financial information, non-disclosure agreements, among other type of details.

The ransomware attack on ADATA happened on May 23rd, 2021, forcing them to take systems offline, the company told BleepingComputer. As the Ragnar Locker leak clearly shows, ADATA did not pay the ransom and restored the affected systems on its own. The ransomware actor claims stealing 1.5TB of sensitive files before deploying the encryption routine, saying that they took their time in the process because of the poor network defenses. The recently leaked batch of archives is the second one that Ragnar Locker ransomware publishes for ADATA. The previous one was posted earlier this month and includes four small 7-zip archives (less than 250MB together) that can still be downloaded.

Not OK

[nospam007]

Not even ragnarok.

Title writes itself

[samwichse]

ADATA: Ragnarlock(er)

God Damn.

[h33t l4x0r]

I'm starting to wonder if I shouldn't quit my other projects and start doing ransomware attacks, because it sounds pretty god-damn lucrative, lately.

Re:

[cfalcon]

In this case, ADATA didn't give them a cent, so they get their data dumped on the open web.

Perhaps they asked for too much, or perhaps ADATA just doesn't want to negotiate with data terrorists.

Note that most of the big ransomware attacks aren't the thing we saw for decades, where a hacking group would pick a target (usually by figuring out what would be easy and profitable), and then really dig in. Instead, these are cases where the ransomware hangs out on the dark web, looking for YOU, the malefactor, to

Finally some reasonable company.

[stooo]

Finally some reasonable company that does not pay a cent to ransomers.
US companies tend to be weaker it seems. That is a bad thing, because it only encourages more ransoming.

Trade screts

[Pentium100]

I hope the attackers did not steal any of ADATA's trade secrets. We don't need others knowing how to make crappy SSDs.

Re:

[Slayer]

The leak may not only reveal incompetence and nasty bugs in their firmware, it may also reveal glaring patent infringement. I don't want to be them right now.

Patents are moot anyway.

[stooo]

Patents are moot anyway.
Bust them.

Re:

[MrL0G1C]

I think the attackers are screwed, Adata's methods are already thoroughly out in the open:
https://www.youtube.com/watch?... [youtube.com]

What are the attackers going to do, confirm Linus's already proven allegations?

adata memories

[v1]

I remember years ago spending $156 on a 1gb ADATA USB flash drive. It wouldn't write past 512mb though. Returned to seller (ebay) who successfully stalled me ("we're sending it back to the manufacturer for testing, we're waiting on results, we're getting a replacement shipped") until my ebay protection expired, then quit responding to me.

A lot of that is my fault for the loss, and ADATA can't really be held responsible for their retailers, but it still leaves me with bad memories for the brand.

PNY and San

Re:

[drinkypoo]

Returned to seller (ebay) who successfully stalled me ("we're sending it back to the manufacturer for testing, we're waiting on results, we're getting a replacement shipped") until my ebay protection expired, then quit responding to me.

I've had protection expire and sent complaints to ebay about how I was stalled, and had them reverse the decision. Sometimes you have to ride them hard to get them to do the right thing, but they generally get there in the end.

Re:

[rudy_wayne]

Returned to seller (ebay)

Well, there's your problem.

Re:

[Ecuador]

I am pretty sure that was not a genuine ADATA flash drive. It was very common for ebay sellers to repackage USB drives and flash them with firmware that reported more storage.
Ebay is (and was) very buyer friendly, it was user error on your part to wait.

Backups and bitcoin? Reporting on the data?

[rapjr]

So where are all those who were saying backups and killing bitcoin would stop ransomware? Neither would have had an effect here because they had backups and they did not pay the ransom. A lot of ransomware is not targeted, it just opportunistically tries to get into whatever networks it can. As long as the attackers get at least a few pay outs (even if it is bags of cash) these attacks will continue and result in more exposed data.

The forced transparency is interesting, although there seems to be littl

they had it coming

[slashmydots]

I have an an entire pile of failed adata SSDs and flash drives and remember, they were the ones who made some SX-series drives, got them reviewed, then changed it to inferior controllers, RAM, and flash modules after the fact without disclosing it. THEY HAD IT COMING. They're basically a giant scam company almost as bad as Silicon Power.