Taiwan-based leading memory and storage manufacturer ADATA says that a ransomware attack forced it to take systems offline after hitting its network in late May. ADATA manufactures high-performance DRAM memory modules, NAND Flash memory cards, and other products, including mobile accessories, gaming products, electric power trains, and industrial solutions. The Taiwanese memory manufacturer took down all impacted systems after detecting the attack and notified all relevant international authorities of the incident to help track down the attackers. According to ADATA, they were hit by the ransomware attack on May 23rd, 2021, and they were successfully able to suspend the affected systems as the attack was detected. All necessary efforts have since been made to recover and upgrade the related IT security systems. ADATA did not provide information on the ransomware operation behind the incident or any ransom demands. However, the attack has already been claimed over the weekend by the Ragnar Locker ransomware gang. Ragnar Locker stated that they have allegedly stolen 1.5TB of sensitive data from ADATA’s network before deploying the ransomware payloads. According to the screenshots already posted by Ragnar Locker on their dark web leak site, the attackers could collect and exfiltrate proprietary business information, confidential files, schematics, financial data, Gitlab and SVN source code, legal documents, employee info, NDAs, and work folders.
One of the primary methods to protect an organization from ransomware attacks is to have secure backups of all the organization’s important data and configurations. The “3-2-1 rule” of backups helps to ensure that backups are not also destroyed by attackers or equipment failure. Keep three copies of the data, on two separate storage devices with one of them being offsite. Following this method will allow for files to be restored since there is a secure copy of the companies’ data to replace any encrypted files. Backup procedures should be tested, and company leaders should understand how long it will take to fully restore systems, taking the recovery time into account for planning. Even when backups allow a company to resume operations, attackers may steal files and threaten to leak them to the public. It’s important to catch network intrusions in the earliest stage of the attack and cut off the attackers’ access before they have the chance to steal sensitive files. That requires 24/7 monitoring of endpoint and network events with skilled security personnel to respond quickly to investigate unusual patterns of events.