Extortion group RansomHouse claims to have gigabytes of sensitive data stolen from AMD

Why it matters: The number of cyberattacks doubled in 2021 compared to the previous year, and experts predict the situation will only get worse. Targets range from individuals to very large organizations like AMD, whose corporate network may have been breached earlier this year. A group called RansomHouse is now trying to sell a treasure trove of data stolen from the chipmaker on the dark web.

A report from Restore Privacy suggests AMD may have been the target of a cyberattack. According to the publication, the RansomHouse group claims it has managed to come into possession of sensitive information stolen from the chipmaker.

RansomHouse is a relative newcomer to the ransomware market that is believed to have emerged in December 2021. In the meantime, it has targeted organizations like the Saskatchewan Liquor and Gaming Authority and Shoprite, which is the largest supermarket chain in Africa.

It seems the group's ambitions have grown considerably in the last few months, but there are some issues with the latest claim that it has a treasure trove ripped from AMD's enterprise systems. For one, RansomHouse is known to be more of a "mediator" between the actual attackers and the victims rather than a traditional ransomware gang.

Another issue is the group's announcement on the dark web, which states the data totals "450 Gb." It's not clear whether the figure is intentionally expressed in "gigabits" instead of "gigabytes" to make it seem larger, but RansomHouse says it obtained the data on January 5.

Interestingly, a sample of the stolen data suggests that some AMD employees use really simple and weak passwords such as "password," which is supposedly why the data breach was so easy to perform. That's hardly a surprise when you consider that recent studies have found company executives tend to use the same terrible passwords as other people.

An AMD spokesperson says the company is aware of these claims but didn't go into any details. The only thing we are told is that an investigation is "currently underway."

Former cybersecurity reporter for The Record, Catalin Cimpanu, believes RansomHouse may be trying to sell data stolen from one of AMD's partners rather than AMD itself. We'll have to wait and see, but Emsisoft threat analyst Brett Callow notes the group may be related to the malicious actors behind the WhiteRabbit ransomware.

Masthead credit: Sebastiaan Stam