AMD said it is investigating a possible data breach after RansomHouse, a relatively new data cybercrime group, claimed to have extorted data from the US chipmaker.
An AMD spokesperson told londonbusinessblog.com that the company “is aware of a bad actor claiming to be in possession of stolen data,” adding that “an investigation is currently underway.”
RansomHouse, which earlier this month claimed responsibility for a cyber attack on Shoprite, Africa’s largest retailer, claims to have hacked AMD on January 5 to steal 450GB of data. The group says it targets companies with weak security, and that it was able to compromise AMD because weak passwords were in use across the organization.
“An era of high-end technology, advancement and top security… there’s so much in these words for the crowd. But it seems those are still just fancy words when even tech giants like AMD use simple passwords to protect their networks from intrusion,” RansomHouse wrote on its data breach site. “It’s a shame these are real passwords created and used by AMD employees, but a greater disgrace to the AMD security department, which is getting significant funding according to the documents we’ve got our hands on – all thanks to these passwords.”
Brett Callow, a ransomware expert and threat analyst at Emsisoft, told londonbusinessblog.com there is no reason to doubt the group’s claims. “Ransomware operators are untrustworthy bad faith actors and all their claims should be viewed with skepticism,” he said. “That said, to my knowledge, none of the claims they’ve made so far have been proven false.”
Some of the stolen data, leaked by RansomHouse and seen by londonbusinessblog.com, suggests that AMD employees used passwords as simple as “password”, “123456” and “Welcome1”. Other data posted by the group appears to include network files and system information. It’s unclear whether a ransom demand has been made to AMD, but RansomHouse advises victims to contact its support team to receive “further instructions” on how to prevent full data disclosure.
AMD would not say whether a ransom was demanded, which of its systems were targeted, or whether customer data was accessed as a result. The chipmaker also declined to answer questions about its password security measures.
Unlike other cybercrime gangs, RansomHouse claims that it is not a “ransomware” group, but describes its operation as a “community of professional brokers”, even if the end goal of extorting companies for money remains the same.
“We have nothing to do with breaches and do not produce or use ransomware,” RansomHouse said on its dark web site. “Our primary goal is to minimize the damage that related parties can incur. RansomHouse members favor common sense, good conflict management and intelligent negotiation in an effort to achieve fulfillment [sic] of the obligations of each party rather than having unconstructive arguments.”
RansomHouse first appeared in December 2021 and currently lists six victims on its data breach site, the first of which was Canada’s Saskatchewan Liquor and Gaming Authority (SLGA).