Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

The Taiwanese memory and storage chip maker ADATA was hit by the Ragnar Locker ransomware gang that also published more than 700GB of stolen data.

The Ragnar Locker ransomware gang has published on its leak sites more than 700GB of data stolen from Taiwanese memory and storage chip maker ADATA.

The group published the link to 13 password-protected archives, allegedly containing sensitive data stolen from the chipmaker.

“!Attention Password for the Archives: XXXXXXXXXXX#1JLDiw8″ reads the post published by the group on its leak site. !!Inside some Packs you will find sub-archives with separate password, for such cases there are txt file with special password, please check everything carefully“

The group claims to have stolen 1.5TB of sensitive data from ADATA, including financial documents, contracts, non-disclosure agreements, and other files. The gang also published some screenshots as proof of data possession.

This is the second collection of archives allegedly stolen from ADATA that the ransomware operators leaked online, the first one, composed of 4 small 7-zip archives, was published on the leak site early this month in an attempt to make pressure on the victims and convince them into paying the ransom.

Ragnar Locker ransomware gang initially published the archive on the popular MEGA storage service, but the platform closed their account and blocked access to the archives shared by the group.

BleepingComputer reported that the ransomware attack took place on May 23rd, 2021, and forced the company to shut down its systems to contain the infection.

Ragnar Locker ransomware operators published the data after the chipmaker refused to pay the ransom

In November, the U.S. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020.

The report contains other technical details about the ransomware and provides the following recommendations to mitigate the threat:

Recommended Mitigations
Back-up critical data offline.
Ensure copies of critical data are in the cloud or on an external hard drive or storage device. This information should not be accessible from the compromised network.
Secure your back-ups and ensure data is not accessible for modification or deletion from the system where the data resides.
Install and regularly update anti-virus or anti-malware software on all hosts.
Only use secure networks and avoid using public Wi-Fi networks.
Consider installing and using a VPN.
Use multi-factor authentication with strong passwords.
Keep computers, devices, and applications patched and up-to-date.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.