Leading Taiwan-based memory and storage manufacturer ADATA says a ransomware attack that hit its network in late May forced it to take systems offline.
ADATA manufactures high-performance DRAM memory modules, NAND Flash memory cards, and other products, including mobile accessories, gaming products, electrical powertrains, and industrial solutions.
The company was ranked as the second largest manufacturer of DRAM memory and solid state drives (SSDs) in 2018.
ADATA confirms May ransomware attack
The Taiwanese memory maker disabled all affected systems after detecting the attack and notified all relevant international authorities of the incident to help locate the attackers.
“ADATA was attacked by a ransomware attack on May 23, 2021,” the company told BleepingComputer in an email statement today.
According to the memory manufacturer, ADATA's business operations are no longer disrupted: affected devices have been restored, and services are returning to regular performance.
“The company successfully suspended the affected systems as soon as the attack was detected, and every effort has been made to recover and update the related IT security systems,” ADATA added.
“With pleasure things are moving towards the normal path and business operations are not interrupted because the corresponding contingency practices are effective.
“We are determined to dedicate ourselves to making the system more secure than ever, and yes, this will be our never-ending practice as the company moves toward its future growth and achievements.”
Ragnar Locker ransomware claims the attack
ADATA did not provide information on the ransomware operation behind the incident or on any ransom demand. However, the attack was claimed over the weekend by the Ragnar Locker ransomware gang.
Ragnar Locker claims to have stolen 1.5TB of sensitive data from the ADATA network before deploying the ransomware payloads.
So far, the ransomware gang has only released screenshots of stolen files and folders as proof of their claims, but they threaten to leak the rest of the data if the memory manufacturer doesn’t pay the ransom.
According to screenshots already posted by Ragnar Locker on its dark web site, the attackers were able to collect and exfiltrate proprietary business information, confidential files, schematics, financial data, Gitlab and SVN source code, legal documents, employee information, NDAs, and work folders.
Ragnar Locker ransomware was first observed being deployed in attacks against various targets in late December 2019.
On compromised enterprise endpoints, Ragnar Locker operators terminate remote management software (such as ConnectWise and Kaseya) used by Managed Service Providers (MSPs) to manage customer systems remotely.
This allows attackers to evade detection and ensure that remotely connected administrators do not block the payload deployment process.
The FBI has warned private industry partners of increased Ragnar Locker ransomware activity after an April 2020 attack that hit the network of multinational energy giant Energias de Portugal (EDP).
In cases seen by BleepingComputer, Ragnar Locker’s ransom demands range from $200,000 to roughly $600,000. However, Ragnar Locker demanded a ransom of 1,580 bitcoins (the equivalent of more than $10 million) in the EDP case.