Storage vendor Western Digital has been the latest company to be hit by hackers. Some ten terabytes of data, including extensive customer information, have reportedly fallen into the wrong hands. The perpetrators demand at least $10 million to stop the data from being published.
One of the hackers showed TechCrunch how the group gained access to the data. By forging WD’s digital signatures, the intruders could impersonate the company. How the hackers initially got inside the network is not clear.
Plain language
Unlike in a ransomware attack where data is encrypted, the hacker group only copied it. Therefore, the ransom demanded is not to regain access to sensitive information but to prevent it from being publicly available. In exchange for the ransom, the hackers say they will let Western Digital know how it can prevent a subsequent attack.
Based on the hackers’ plain rhetoric, it appears they are eager to get paid quickly. “Cut the crap, get the money, and let’s both go our separate ways. Simply put, let us put our egos aside and work to find a resolution to this chaotic scenario.” According to the group member, Western Digital was not attacked for any specific reason. The group chooses their targets “at random,” the hacker states.
We wrote last year that companies often choose to accede to the demands from hackers, which in that specific instance was about ransomware attacks. In recent years, there have been numerous examples of hacking incidents. Samsung, for example, was also robbed of customer data last year.