AMD Latest Victim of RansomHouse Gang
It’s been a challenging couple of years for AMD. After the last few years of disruption and amid the global chip shortage, the company has been attacked by the RansomHouse Extortion Group, which claims to have exfiltrated more than 450 GB of data.
“In an ironic twist of fate, AMD survived the global chip supply chain crisis during the COVID-19 pandemic only to be victimized by ransomware from a new data extortion group,” said Saryu Nayyarr, CEO and founder of Gurucul.
The RansomHouse gang did not initially release samples, but AMD acknowledged the breach.
“AMD is aware of a bad actor claiming to be in possession of stolen data from AMD,” the company said in a statement sent to RestorePrivacy. “An investigation is currently underway.”
The statement came after the RansomHouse Group posted taunting messages on Telegram on June 20, asking readers to solve a riddle: “We’ve got a new surprise ready! But first, there’s a small riddle for you: the first person to solve it will get the link. So…name a company that: 1) Pretty much everyone knows 2) Its name consists of three characters 3) The first character is A Just write down your guess in this channel and get your link in a private message.”
A week later, the group followed up by identifying “technology giant” AMD and promised, “[Y]ou’ll be surprised how they treat their security when we publish the sample and you know the details.”
Those details were disheartening.
“Doubling down on irony is the fact that AMD staff used ‘password’ as the password for critical network access,” Nayyar said. “How does this still happen in companies with security-savvy engineers? It’s beyond comprehension, quite frankly. Time to spin all the passwords and clean up security controls. Seriously, it’s time.”
AMD joins five other companies, including ShopRite, that have fallen victim to this malicious actor. “The RansomHouse ransomware gang also claimed an attack on The ShopRite Group, one of South Africa’s largest supermarket chains,” according to a report from BlackFog.
“The hackers openly touted their attack on the supermarket chain via their Telegram channel,” the security firm said.
As with AMD, the RansomHouse gang shared Shoprite’s security and privacy foibles, including claims that “the company ‘was keeping enormous amounts of personal data in plain text/raw photos packed in archived files, completely unprotected.’” BlackFog wrote. “A sample of the exfiltrated data was published and ShopRite was ‘invited’ to pay a ransom.”
“We haven’t yet seen evidence of the attack on AMD, but RansomHouse’s recent attack on the ShopRite Group in South Africa would indicate that they are focused on large organizations with weak security,” said Darren Williams, CEO and founder of BlackFog.
“As with all cyberattacks, it really doesn’t matter how the bad actors found their way in; weak passwords or otherwise, if they want to find a way in, they will be successful! What really matters is what data they were able to leave with,” Williams said. “Extortion is the focus for cybercriminal gangs, and organizations should look to newer technologies like anti-data exfiltration to stop them in their tracks and prevent any unauthorized data from being exfiltrated.”
The RansomHouse group insists that it is not a ransomware gang but rather an organization whose “primary goal is to minimize the damage that might be sustained by related parties.”
The group’s members instead “prefer common sense, good conflict management and intelligent negotiations in an effort to achieve fulfillment of each party’s obligations instead of having non-constructive arguments,” it said on its website. “These are necessary and sufficient principles that lead to amicable agreements and sometimes even to subsequent productive and friendly cooperation.”
