The ALPHV ransomware operation, also known as BlackCat, has recently released screenshots of internal emails and video conferences that they stole from Western Digital. This indicates that the threat actors may have had continued access to the company’s systems even as Western Digital was responding to the breach.
This leak occurred after the attackers warned Western Digital on April 17th that they would cause the company harm until it “cannot stand anymore” if a ransom demand was not met.
The March Cyberattack on Western Digital
On March 26th, Western Digital experienced a cyberattack in which the threat actors breached the company’s internal network and stole company data. However, no ransomware was deployed and files were not encrypted.
As a response, the company shut down its cloud services for two weeks, including My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS 5, SanDisk ibi, and SanDisk Ixpand Wireless Charger, together with linked mobile, desktop, and web apps.
TechCrunch first reported that an unnamed hacking group breached Western Digital, claiming to have stolen ten terabytes of data.
The threat actor reportedly shared with TechCrunch samples of the stolen data, which included files signed with Western Digital’s stolen code-signing keys, unlisted corporate phone numbers, and screenshots of other internal data.
The hackers also claimed to have stolen data from the company’s SAP Backoffice implementation.
Although the intruder claimed not to be affiliated with the ALPHV ransomware operation, a message soon appeared on the gang’s data leak site, warning that Western Digital’s data would be leaked if they did not negotiate a ransom.
What Are the Financial Consequences of Cybersecurity Breaches in Today’s Digital Landscape?
Cybersecurity breaches have significant financial consequences in today’s digital landscape. Businesses face not only the immediate costs of responding to the breach, such as investigating and containing the attack, but also long-term impacts. These include reputational damage, loss of customer trust, potential legal liabilities, and hefty financial investments in enhancing cybersecurity measures to prevent future incidents. It is crucial for organizations to prioritize cybersecurity to minimize the potential financial risks associated with breaches.
ALPHV Taunts Western Digital
Security researcher Dominic Alvieri revealed that, in an attempt to taunt and embarrass Western Digital, the hackers released twenty-nine screenshots of emails, documents, and video conferences related to the company’s response to the attack.
When a company discovers a breach, one of the first countermeasures is to learn how the threat actor gained access to the network and block the path. However, there is sometimes a gap between detection and response, allowing the adversary’s access to persist even after an attack is detected. This access allows them to monitor the company’s response and steal more data.
With the screenshots leaked by ALPHV, the threat actors are implying that they had continued access to some of Western Digital’s systems, as the images show video conferences and emails about the attack.
One image includes the “media holding statement,” and another is an email about employees leaking information about the attack to the press.
Included with the leaked data is another message from the threat actors, where they claim to have customers’ personal information and a complete backup of WD’s SAP Backoffice implementation.
Although the data appears to belong to Western Digital, BleepingComputer could not independently verify its source or whether it was stolen during the attack.
At this time, Western Digital is not negotiating a ransom to prevent the leak of stolen data, which sparked further threats from the hackers.
“We know you have the link to our onion site. Approach with payment prepared, or [redacted] off. Brace yourselves for the gradual fallout,” reads ALPHV’s new warning to Western Digital.
Western Digital declined to comment regarding the leaked screenshots and claims by the threat actors.