AMD said it is investigating a potential data breach after Ransomhouse, a relatively new data cybercrime operation, claimed to extract data from the US chipmaker.
An AMD spokesperson told Meczyki.Net that the company is “aware of a bad actor claiming to be in possession of stolen data,” adding that “an investigation is currently underway.”
Ransomhouse, which earlier this month claimed responsibility for a cyberattack on Africa’s largest retailer, Shoprite, claims it breached AMD to steal 450GB of data on January 5. The group claims to be targeting companies with weak security, and claimed that it was able to compromise AMD due to its use of weak passwords throughout the organization.
“The era of high-end technology, advancement and top-notch security…these words have a lot to offer to the crowd. But it seems they are still just pretty words when even technology giants like AMD are trying to protect their networks from intrusions. simple password to use,” Ransomhouse wrote on its data leak site. “It’s a shame they’re the actual passwords used by AMD employees, but a huge shame for the AMD security department, which received significant funding—according to the documents we got from our hands—for these passwords.” Thanks everyone.”
Ransomware expert and Emsisoft threat analyst Brett Callow told Meczyki.Net that there is no reason to doubt the group’s claims. “Ransomware operators are unbelievably bad-faith actors and all their claims should be viewed with suspicion,” he said. “That said, as far as I know, none of the claims he has made to date have been proven false.”
Part of the stolen data leaked by Ransomhouse and seen by Meczyki.Net suggests that AMD employees were using simple passwords like “password,” “123456,” and “welcome1.” Other data posted by the group appears to include network files and system information. It’s not clear whether AMD has demanded the ransom, but Ransomhouse advises victims to contact their support team to receive “further instructions” on how to prevent full data disclosure.
AMD would not say whether it had received a ransom demand, nor would it say which of its systems were targeted or whether customer data was used as a result. The chipmaker also declined to answer any questions regarding its password security measures.
Unlike other cybercrime gangs, Ransomhouse claims it is not a “ransomware” group, but rather describes its operations as a “professional intermediary community”, even though the ultimate goal of extorting companies for money is the same. lives.
Ransomhouse states on its dark web site, “We have nothing to do with any breach and do not produce or use any ransomware.” “Our primary goal is to minimize harm to the parties concerned. Members of RansomHouse prefer common sense, good conflict management, and intelligent negotiation in an effort to achieve fulfillment. [sic] of the obligations of each side rather than having a non-constructive argument. ,
RansomHouse first emerged in December 2021 and currently lists six victims on its data leak site, the first of which was Canada’s Saskatchewan Liquor and Gaming Authority (SLGA).