Posted on May 1, 2023 at 3:15 PM
Western Digital data leaked online as hackers demand ransom
The ALPHV ransomware group, also known as BlackCat, has continued to taunt Western Digital weeks after an attack on the company. The group has now released screenshots of internal emails and video conferences stolen from the company’s systems. The threat actors' goal is to extract a ransom payment from Western Digital.
Hackers leak stolen data from Western Digital
The leaked images from Western Digital suggest that the hackers likely continued to access the company’s systems even though Western Digital said it had responded to the breach.
This leak comes after the hackers warned Western Digital on April 17. In the warning, the threat actor group said it would continue hurting Western Digital until the company “cannot stand anymore.” The threat actors have vowed to continue with the malicious activity if a ransom is not paid.
The threat actor group appears committed to embarrassing Western Digital if the company fails to meet its demands. The hackers have already started publishing some of the stolen data, indicating that Western Digital is yet to pay the demanded ransom. Some of the information leaked by the hackers included 29 screenshots depicting emails, documents, and video conferences linked to how the company responded to the breach.
The nature of the leaked information shows that the hackers have continued to maintain a presence in Western Digital’s systems. Usually, when an attack targets a company, one of the initial responses is to understand how the attacker obtained access to the network and to block that path.
However, there can be a lag between the time the breach is detected and the time the company responds. This lag allows the hacker to continue stealing data from the systems even after the attack has been detected. The hacker then uses this access to monitor the company’s response and steal more data.
With the leaked screenshots, the ALPHV ransomware group is alluding to having continued to access Western Digital’s systems. The leaked information pertains to emails and video conferences held by the company to discuss the attack, which indicates that the hackers maintained access.
One of the leaked images is a “media holding statement.” Another image contains an email about the company’s employees leaking information about this attack to the press. The hackers have also accompanied the leaked images with a message claiming that they have access to the personal information of customers and a backup of the WD SAP Backoffice implementation.
The data leaked by the hackers appears to be factual and to belong to Western Digital. However, there is no certainty whether this information was stolen during the attack. Western Digital is not negotiating a ransom with the hackers to prevent the company’s data from being leaked. This is the reason behind the increased threats from the hackers.
In a new warning directed to the company, the hackers said, “We know you have the link to our onion site. Approach with payment prepared or [..] off. Brace yourselves for the gradual fallout.” Western Digital has yet to share a statement on the leaked images and the fresh warning sent by the hackers.
Cyberattack targeting Western Digital
Western Digital fell victim to a cyberattack on March 26. During this attack, the hackers gained access to the company’s internal network and stole company data. However, the hackers did not deploy ransomware or encrypt the files to force the company into paying the ransom.
The company responded to this attack by shutting down its cloud services. The affected services include My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, and SanDisk Ixpand Wireless Charger. The hack also affected the linked mobile, desktop, and web apps.
A report by TechCrunch said that an “unnamed” hacking group obtained unauthorized access to Western Digital and claimed to have stolen ten terabytes of data from the company.
The threat actor behind this malicious activity shared samples of the stolen data from this breach. The stolen data includes files signed using the stolen code-signing keys, corporate phone numbers, and screenshots of other internal data from the company.
The hackers also claimed to have access to the SAP Backoffice implementation by the company. The threat actor has claimed not to be affiliated with the ALPHV ransomware operation. However, a message later appeared on the leak site for the ransomware group urging Western Digital to pay a ransom for their data not to be leaked.