A WD data breach that was identified on March 26 and disclosed on April 3 has turned out to be a real problem for the company. The hackers behind the attack are now claiming that they’ve managed to extract about 10TB of data from the company, including customer information, and will be asking for at least an eight-figure ransom.
WD’s original announcement did not have much information about how the breach happened and what data was lost. The company simply reported that its network was breached by an unauthorised third party that was able to access multiple company systems. The attack caused and “may continue to cause disruption to parts of the company’s business operation”.
However, one of the hackers behind the attack spoke with TechCrunch and has provided more details as the group looks for ways to put more pressure on WD to pay the ransom. The hacker also shared files as proof of the breach, including a file digitally signed with WD’s code-signing certificate, demonstrating that the group can impersonate the company. Two security researchers have verified the signature as well.
Other forms of proof included phone numbers allegedly belonging to several company executives and screenshots showing a folder from a Box account belonging to WD, an internal email, files stored in a PrivateArk instance and a screenshot of a group call where one of the participants has been identified as WD’s chief information security officer.
That said, the hacker didn’t reveal the attack vector or what kind of customer data they have. They did, however, say that the attack exploited vulnerabilities within the company infrastructure and then worked its way up to the global administrator of WD’s Microsoft Azure tenant. The goal behind the attack is simply to make money; as for why WD was targeted, the hacker said that the group picks its targets randomly.
The hackers have emailed several executives at their personal email addresses demanding a one-time payment to leave the network and tell the company about the weaknesses they used. They haven’t done any lasting harm yet, but if any attempt is made to interfere with the hackers or their systems, they say they are willing to retaliate, claiming that they’re still ‘buried’ in WD’s network.
WD has declined to comment on the situation or answer questions about the hackers’ claims regarding the amount of data stolen, whether or not it contains customer data, and whether the company has been in touch with the hackers. The group’s patience is growing thinner, and if WD doesn’t get back to them in time, they will publish the stolen data on the leak site of the ransomware gang Alphv. They’re not directly affiliated with the ransomware gang, but the hacker said they “know them to be professional”.