An unnamed group of hackers spoke to TechCrunch this week, claiming to be behind the recent Western Digital data breach. The outlet, along with cybersecurity researchers, verified the hackers’ information, and the group is demanding a one-time eight-figure payment. The threat actor alleges to have stolen over 10 terabytes of proprietary data, including customer information.
The hackers claim to have Western Digital customer data but didn’t specify what kind. The company is primarily known for selling storage products that don’t require heading over personal information, but the cyberattack could theoretically impact users of its data center and NAS services.
Meanwhile, the restoration of the company’s My Cloud service occurred on Wednesday, a full 10 days after the company publicly disclosed an outage that rendered the online storage platform unattainable for users.
TechCrunch and two outside security researchers confirmed that the perpetrators have access to Western Digital’s code-signing certificate, enabling the hackers to impersonate the company by digitally signing files. The attackers also have executives’ phone numbers and email addresses, access to the company’s internal files, its Microsoft Azure services, and e-commerce data.
Although Western Digital took systems and services offline following the initial breach, the hackers claim to still be inside the company’s network with the ability to extract more information. Although the group wants an eight-figure ransom at minimum, the incident wasn’t a ransomware attack, and the hackers didn’t encrypt WD’s data.
The group, claiming to have no name, had no political or ideological motives. It picked Western Digital at random and hit the company solely for money. Now they are threatening to release the stolen information on the ransomware group Alphv’s website.
Western Digital seems to have ghosted the hackers so far, ignoring all of their emails. The company’s statement following the attack didn’t say much, only that it is working with law enforcement and security experts to understand the scope of the hack and restore affected systems. WD also declined comment on whether it had contacted those responsible or if they accessed customer data.
The ransom demands include offers to cover up the incident, which many cyberattack victims have done, according to a recent report. A Bitdefender survey revealed that up to one in three corporate data breach victims avoid disclosing the events to preserve their reputations.