The Ragnar Locker ransomware gang has published on its leak sites more than 700GB of data stolen from Taiwanese memory and storage chip maker ADATA.
The group published the link to 13 password-protected archives, allegedly containing sensitive data stolen from the chipmaker.
“!Attention Password for the Archives: XXXXXXXXXXX#1JLDiw8″ reads the post published by the group on its leak site. !!Inside some Packs you will find sub-archives with separate password, for such cases there are txt file with special password, please check everything carefully“
The group claims to have stolen 1.5TB of sensitive data from ADATA, including financial documents, contracts, non-disclosure agreements, and other files. The gang also published some screenshots as proof of data possession.
This is the second collection of archives allegedly stolen from ADATA that the ransomware operators leaked online, the first one, composed of 4 small 7-zip archives, was published on the leak site early this month in an attempt to make pressure on the victims and convince them into paying the ransom.
Ragnar Locker ransomware gang initially published the archive on the popular MEGA storage service, but the platform closed their account and blocked access to the archives shared by the group.
BleepingComputer reported that the ransomware attack took place on May 23rd, 2021, and forced the company to shut down its systems to contain the infection.
Ragnar Locker ransomware operators published the data after the chipmaker refused to pay the ransom
In November, the U.S. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020.
The report contains other technical details about the ransomware and provides the following recommendations to mitigate the threat:
(SecurityAffairs – hacking, ransomware)