Earlier this week, the RansomHouse extortion group added the semiconductor giant AMD to its data leak site. According to the cybercriminals, they managed to steal 450 GB of data from the company. The data was stolen last year, but only last week did the threat actors begin teasing on Telegram that they would be selling files stolen from a well-known three-letter company. They said that the name of this company starts with the letter A.
On June 27, 2022, RansomHouse added AMD to its data leak site, after which AMD launched an investigation.
Unlike most extortion gangs, the RansomHouse group doesn’t use ransomware. It doesn’t encrypt files stored in victims’ networks, but steals them instead.
The hackers didn’t contact AMD and didn’t demand any ransom. They decided that it would be more effective to sell the stolen data rather than wait for AMD to react and deal with bureaucracy.
The threat actors claim that the files stolen from the company include research and financial information, and that the value of this data is currently being assessed. Nevertheless, RansomHouse didn’t provide any proof of these stolen files and published just a few samples containing information allegedly connected to AMD's Windows domain.
These files include a CSV containing a list of over 70,000 devices in the company’s internal network. The published information also includes an alleged list of corporate credentials. It is worth noting that the passwords are rather weak: 'password', 'P@ssw0rd', 'amd!23', and 'Welcome1'.