AMD reportedly targeted by RansomHouse: cybercriminals claim to hold 450GB of stolen data, allegedly because AMD used simple passwords such as “password”


Catalin Cimpanu, a former cybersecurity reporter, posted on his official Twitter account that the cybercriminal group RansomHouse claims to have data from chip maker AMD. Earlier this year, rumors circulated that AMD had been hit by ransomware, but they have never been officially confirmed.

If the claims are correct, AMD was targeted by extortion group RansomHouse, which claims to be sitting on a hoard of data stolen from the processor designer following an alleged security breach earlier this year. RansomHouse claims that it obtained the files following an intrusion into AMD’s network on January 5, 2022, and that they are not material from a previous loss of its intellectual property.

This relatively new team of cybercriminals also claims that it does not breach systems itself, nor does it develop or use ransomware. It says it prefers to play the role of mediator between cybercriminals and victims, ensuring the return of stolen data once a ransom is paid.

RansomHouse states on its website that it holds 450GB of data, although it is unclear whether the group means gigabytes or gigabits. According to the group, the data was taken from AMD in January.

Online privacy specialist RestorePrivacy said in a blog post that it reviewed the sample data, which included network files, system information and AMD passwords collected during the alleged breach. According to the RansomHouse group, AMD used simple passwords to protect its network.

“An era of high-end technology, advancement and cutting-edge safety … there’s so much in those words for the crowd,” the gang wrote on their site. “But they still sound like fictional words when even the giants of technology like AMD use simple passwords like ‘password’ … to protect their networks from intrusion. It’s a shame these are real passwords used by AMD employees, but a real shame for AMD’s security department which is getting large funding based on the documents we got our hands on, all thanks to these passwords.”
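Whether or not the gang's account is accurate, the finding it describes (employees choosing a dictionary word or a thinly disguised variant of one) is exactly what a deny-list screen catches before an attacker does. The following Python example is added here as an illustration; it is not code from the article or from any party it mentions. It normalizes each password (case, leet substitutions, trailing counters or years, surrounding punctuation) before comparing it against a banned-word list, in the spirit of the NIST SP 800-63B recommendation to check passwords against commonly used and compromised values. The deny list, the organisation term "amd" and the sample accounts are constructed for the example; a real deployment would load a full breached-password list.

```python
import re
import unicodedata

# Constructed deny list for this example. A real screen would load a large
# list of known-breached passwords (for instance a Have I Been Pwned download)
# instead of these few entries.
BANNED_WORDS = {"password", "welcome", "qwerty", "letmein", "123456", "admin"}

# Common substitutions reversed, so "P@ssw0rd" collapses to "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

MIN_LENGTH = 8


def normalize(password: str) -> str:
    """Collapse the cosmetic variations people bolt onto a weak base word."""
    p = unicodedata.normalize("NFKC", password).casefold()
    p = re.sub(r"^[^a-z0-9]+|[^a-z0-9]+$", "", p)  # strip edge punctuation ("Password1!")
    p = re.sub(r"\d{1,4}$", "", p)                  # strip a trailing counter or year ("Welcome2022")
    p = p.translate(LEET)                           # undo leet substitutions ("P@ssw0rd")
    return p


def assess(password: str, org_terms=("amd",)) -> list:
    """Return a list of findings for one password; an empty list means it passed."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    raw = password.casefold()
    norm = normalize(password)
    # Check both the raw and the normalized form: "123456" only matches raw,
    # "P@ssw0rd" only matches after normalization.
    hit = next((w for w in (raw, norm) if w in BANNED_WORDS), None)
    if hit is not None:
        findings.append(f"matches banned word '{hit}'")
    # "amd" is an assumed organisation-specific term for this example.
    if any(term in norm for term in org_terms):
        findings.append("contains an organisation-specific term")
    return findings


def audit(credentials: dict, org_terms=("amd",)) -> dict:
    """Return only the accounts whose password raised at least one finding."""
    report = {}
    for user, pw in credentials.items():
        findings = assess(pw, org_terms)
        if findings:
            report[user] = findings
    return report


# Constructed sample accounts; not data from any real credential dump.
SAMPLE = {
    "alice": "P@ssw0rd",
    "bob": "Welcome2022!",
    "carol": "Tq7#vLm9!xZr4pWe",
    "dave": "amd123",
}

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(f"{user}: {'; '.join(findings)}")
```

Run against an export of hashes rather than plaintext in practice: hash the deny-list candidates with the same algorithm and salt per account, or run the screen at password-change time, so the audit itself never needs a plaintext credential store.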

The cybercriminals also placed AMD on a list of victims that, in their view, put their own financial gain above the interests of their partners and of the people who entrusted them with their data, or chose to hide the fact that they had been compromised.

RestorePrivacy suggested that this could indicate that AMD has not yet paid a ransom for the stolen data. Cimpanu has suggested that the data may come from an AMD partner and that RansomHouse may be trying to pass it off as AMD’s own to attract more media coverage. Extortion groups often use this tactic, naming a contractor’s high-profile customer as the victim to increase pressure; compare REvil’s Quanta incident, where the group presented data stolen from Quanta as an Apple breach.

For example, Gigabyte, an AMD partner and Taiwanese motherboard maker, was compromised in August 2021 by the ransomware group RansomEXX, which allegedly stole up to 112GB of data.

RansomHouse is a relatively new actor in the cybercrime scene, appearing in December 2021. According to RestorePrivacy, RansomHouse’s first victim was the Saskatchewan Liquor and Gaming Authority. In total, the group identifies six victims, including ShopRite, a large chain of stores in Africa. Earlier this month, RansomHouse leaked data that had been stolen from this company.

A blog post published late last month noted that other security researchers have suggested the extortion gang may be made up of white hats frustrated with the state of security who punish organizations for lax defense of their infrastructure. Those researchers say RansomHouse penetrates networks by exploiting vulnerabilities, steals data and pressures victims to pay so that their data is not sold to the highest bidder; if no criminal is interested in buying it, the group puts it up for sale on its own website.

This would contradict the group’s claim that it merely acts as a professional mediator between data thieves and their victims. On the About page of the RansomHouse site, the group describes itself as a “community of professional brokers”. Malwarebytes Labs threat intelligence researchers, however, classify RansomHouse as gray hats.

Remember that a black hat is a malicious hacker, as opposed to a white hat, an ethical hacker who works with authorization and good intentions. Black hats have a clear preference for illegal action, from writing viruses and Trojans to worms and spyware.

These people use their computer skills for financial gain or to harm individuals or organizations. More generally, they use their knowledge to uncover what is hidden from them. Their numbers keep growing as information becomes ever more valuable in economic warfare.

The existence of a third hat is intriguing but not surprising. It implies that black hats are capable of doing good, and that white hats can step onto the dark side while keeping a reassuring foot in the light. Security researchers have speculated that the new extortion group RansomHouse is a team of “frustrated” white hats who have taken it upon themselves to punish organizations that persist in running infrastructure with inadequate security.

RansomHouse breaks into victims’ networks by exploiting vulnerabilities, steals data and pressures victims to pay, lest their data be sold to the highest bidder. If no criminal is interested in buying it, the group publishes it on its leak site.

The group is also unusual in how it extorts its victims: it presents itself more as a team of penetration testers and bug hunters than as run-of-the-mill online extortionists. After stealing data from a target, it offers to delete it and then to provide a full report on which vulnerabilities it exploited and how, none of which changes the fact that the access was unauthorized. Like other hacker groups, it maintains communication channels, a Telegram account and a leak site, to reach victims, journalists and anyone following its activities.

RansomHouse reportedly emerged in December 2021 and, at the time of that analysis, listed four victims, the first being Canada’s Saskatchewan Liquor and Gaming Authority (SLGA), the regulator of alcohol, cannabis and most gambling in the province, which first reported a breach in that same month.

And you?

What is your opinion on the subject?

What do you make of the methods used by the RansomHouse group?

In your opinion, is RansomHouse a white hat or a gray hat group?
