At Western Digital, the status lights are green again after a cyber attack earlier this month. Meanwhile, the alleged cyber burglars have answered questions from a magazine. According to them, they exfiltrated ten terabytes of data and are now demanding an eight-figure ransom.

Screenshot of Western Digital's service status

Western Digital’s service status is green: All services are now operational again after the cyber attack earlier this month.

(Image: Screenshot/dmk)

As of Wednesday of this week, Western Digital has been able to restore the “My Cloud” services My Cloud Home and My Cloud OS 5. All services are back online and fully available, the company writes on its website.

The alleged cyber burglars have told TechCrunch that they stole ten terabytes of data from Western Digital, including vast amounts of customer data. The blackmailers are urging the company to negotiate a ransom of “at least eight figures” in return for not publishing the stolen data.

The burglars provided the reporter with a file signed with a Western Digital code signing certificate to prove they could impersonate the company. They also gave him non-public phone numbers for company managers. Although nobody answered the phone, two of the numbers had an answering machine greeting with the names of the executives that the burglars said the numbers belonged to. Screenshots taken by the cybercriminals also showed a folder from a Box account believed to belong to WD, an email, files from a PrivateArk instance, and a group call in which one participant identifies himself as WD’s Chief Information Security Officer (CISO). They also said they had stolen data from the SAP systems.

The goal of the burglary was to get money, the cybercriminals said. However, they said they had decided against using ransomware to encrypt the data. They claimed to have called many times, but company staff would not answer; when someone did pick up, they would not listen and hung up. They also sent e-mails to the executives’ personal e-mail addresses (the business e-mail is currently down), in which they demanded a one-off payment.

A company spokesman declined to comment to TechCrunch or to answer questions about the alleged attackers’ claims, including the amount of data stolen, whether customer data was affected, and whether there had been contact with the burglars. The alleged intruder, for his part, would not specify what type of customer data they obtained or how they managed to break into the Western Digital network and gain further access. He did say, however, that “we exploited vulnerabilities in their infrastructure and made our way to global administrator of their (Microsoft) Azure tenant”.

The blackmailers would not reveal details about their group and do not use a name. However, they are threatening to publish the data on the AlphV cybergang’s dark web site if the company does not pay. They described AlphV as professional but said they do not belong to it. AlphV is considered particularly unscrupulous. For example, the gang released sensitive data such as nude photos of cancer patients from the Lehigh Valley Health Network in Pennsylvania.

Western Digital was the victim of a cyber attack earlier this month. The company did not disclose details. Western Digital only explained that unauthorized third parties were able to get hold of data from its systems. The attack interrupted parts of its business operations. As a result, services such as “My Cloud” failed, and even local access to many NAS devices was not possible. Over Easter, Western Digital therefore provided instructions on how to at least regain access to the local data on the NAS, which allowed the company to turn the status light for “Local Access” to green.


(dmk)
