AMD investigates alleged 450 GB data theft by RansomHouse group

The group claims AMD had a weak password policy

AMD says it is looking into a potential data breach after the RansomHouse hacking group claimed it is in possession of stolen data from the US chipmaker.

An AMD representative told online privacy specialist RestorePrivacy that the company was "aware of a bad actor claiming to be in possession of stolen data", and that an investigation was presently ongoing.

According to RansomHouse, the data was stolen from AMD's network on January 5, 2022, and was not a result of a previous leak of its intellectual property.

The group claims to be targeting businesses with lax protection, and stated on its Tor-hidden website that it was holding 450 GB of AMD data.

It stated that the use of weak passwords throughout AMD made the firm vulnerable to attacks and enabled hackers to compromise it.

"An era of high-end technology, progress and top security … there's so much in these words for the crowds," RansomHouse wrote on its site.

"But it seems those are still just beautiful words when even technology giants like AMD use simple passwords like 'password' … to protect their networks from intrusion. It is a shame those are real passwords used by AMD employees, but a bigger shame to AMD Security Department which gets significant financing according to the documents we got our our [sic] hands on - all thanks to these passwords."

As proof, the gang has released a data sample.

In a blog post, RestorePrivacy said it had conducted an analysis of the data sample and found that it included network files, system information, and AMD passwords that were obtained during the alleged data breach.

It's not yet known if the information is genuine, or whether AMD or one of its suppliers was the target of the attack.

As such, the AMD attack remains unverified.

RansomHouse asserts that it is not a "ransomware" group, in contrast to other cybercrime organisations, and that it acts as a "mediator" between the attackers and victims to ensure that the payment is made for the stolen data.

RansomHouse first came to light in December 2021 with a darknet website that lists Saskatchewan Liquor and Gaming Authority (SLGA) as its first victim.

The group achieved worldwide attention earlier this month by leaking data stolen from ShopRite, the biggest retail chain in Africa.

It also has a Telegram channel where it posts updates about its activities.

RansomHouse had been hinting on Telegram for the last week that it would be selling data belonging to a well-known three-letter firm whose name begins with the letter A.

It's unclear if much of what the group is claiming is true or whether they have asked AMD for a ransom in exchange for the information.

Last year, the Taiwanese motherboard manufacturer Gigabyte, an AMD partner, fell victim to the ransomware gang RansomEXX, which allegedly stole up to 112 GB of its data.

"The alleged data breach of chipmaker AMD by RansomHouse is a stark reminder of the ongoing importance of an effective password management programme," said Neil Jones, director of cybersecurity evangelism at Egnyte.

"For as long as I can remember, easily-guessed passwords such as 123456, qwerty, and password have dominated the global listing of most commonly-used passwords, and they are undoubtedly in use in many corporate settings. Unfortunately, weak passwords can become a literal playground for cyber attackers, particularly when they gain access to your organisation's remote access solution and view corporate users' ID details."

Key components of an effective password management programme, Jones said, include employee education about the risks, establishment of mandatory password rotations, and re-visiting the company's account lockout requirements, to ensure that users' access is immediately disabled after multiple failed login attempts.