Adata Attacked by Ragnar Locker Ransomware Group, Data Reportedly Stolen

Stock Photo
(Image credit: Shutterstock)

Ragnar Locker has claimed another victim. BleepingComputer reported yesterday that the ransomware group forced Adata to take its systems offline in May. Even though Adata says it has since resumed normal operations, the group claims that it was able to steal 1.5TB of data before the company detected its attack.

It's not clear how the ransomware attack affected Adata's ability to manufacture its storage, memory, and power solutions. The company told BleepingComputer that "things are being moved toward the normal track, and business operations are not disrupted for corresponding contingency practices are effective." 

Ragnar Locker has reportedly claimed that it was able to "collect and exfiltrate proprietary business information, confidential files, schematics, financial data, Gitlab and SVN source code, legal documents, employee info, NDAs, and work folders" as part of this attack. But those files have not yet been shared with the public.

The ransomware group has been operating since at least November 2019. Sophos offered some insight into how the ransomware itself operated in May 2020, and the FBI said in November 2020 that it has targeted "cloud service providers, communication, construction, travel, and enterprise software companies."

It seems Ragnar Locker isn't bashful, either, with Threatpost reporting in November 2020 that it took out Facebook ads threatening to leak the 2TB of data it stole from Campari Group unless it was paid $15 million in Bitcoin. Other high-profile attacks have targeted Energias de Portugal (a Portuguese electric company) and Capcom.

Ransomware doesn't necessarily get as much attention as it used to, but attacks are still common, and they're still able to affect large companies like Adata or Quanta Computer. The attacks often follow the pattern set by Ragnar Locker by attempting to block access to data while simultaneously threatening to leak it to the public.

Attacks continue to target consumers, too, with a recent example being Android ransomware that masqueraded as a mobile version of Cyberpunk 2077 to find its victims. Companies have even started to sell their "self-defending" SSDs to consumers to ease concerns about being targeted by these kinds of attacks.

Adata told BleepingComputer that it is "determined to devote ourselves making the system protected than ever, and yes, this will be our endless practice while the company is moving forward to its future growth and achievements." Somebody's gotta make sure those efforts to capitalize on Chia aren't disrupted again.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • Phaaze88
  • Drazen
    Good! They deserve much worse retaliation for what they did to their users by changing FLASH and controllers on their SSDs! Multiple times without telling anyone!

    Aside this, everyone is this crazy world is attacked in last year. Are hackers bored of lockdowns?
    How is this going to end? Do we really need something very serious, real disaster, for all governments to join together and hit hard?
  • Chung Leong