Ragnar Locker has claimed another victim. BleepingComputer reported yesterday that the ransomware group forced Adata to take its systems offline in May. Even though Adata says it has since resumed normal operations, the group claims that it was able to steal 1.5TB of data before the company detected its attack.
It’s not clear how the ransomware attack affected Adata’s ability to manufacture its storage, memory, and power solutions. The company told BleepingComputer that “things are being moved toward the normal track, and business operations are not disrupted for corresponding contingency practices are effective.”
Ragnar Locker has reportedly claimed that it was able to “collect and exfiltrate proprietary business information, confidential files, schematics, financial data, Gitlab and SVN source code, legal documents, employee info, NDAs, and work folders” as part of this attack. But those files have not yet been shared with the public.
The ransomware group has been operating since at least November 2019. Sophos offered some insight into how the ransomware itself operated in May 2020, and the FBI said in November 2020 that it has targeted “cloud service providers, communication, construction, travel, and enterprise software companies.”
It seems Ragnar Locker isn’t bashful, either, with Threatpost reporting in November 2020 that it took out Facebook ads threatening to leak the 2TB of data it stole from Campari Group unless it was paid $15 million in Bitcoin. Other high-profile attacks have targeted Energias de Portugal (a Portuguese electric company) and Capcom.
Ransomware doesn’t necessarily get as much attention as it used to, but attacks are still common, and they’re still able to affect large companies like Adata or Quanta Computer. The attacks often follow the pattern set by Ragnar Locker by attempting to block access to data while simultaneously threatening to leak it to the public.
Attacks continue to target consumers, too, with a recent example being Android ransomware that masqueraded as a mobile version of Cyberpunk 2077 to find its victims. Companies have even started to sell their “self-defending” SSDs to consumers to ease concerns about being targeted by these kinds of attacks.
Adata told BleepingComputer that it is “determined to devote ourselves making the system protected than ever, and yes, this will be our endless practice while the company is moving forward to its future growth and achievements.” Somebody’s gotta make sure those efforts to capitalize on Chia aren’t disrupted again.