AMD Investigating Alleged 450Gb Data Theft by RansomHouse Extortionists (Update)

(Image credit: Fritchenz Frenz)

RansomHouse, a relatively new extortion group, claims to have "more than 450Gb" of hacked data from AMD, according to a report from Restore Privacy. @campuscody has also independently posted information about the stolen data. The RansomHouse extortion group claims to not use ransomware or conduct breaches itself — instead, it claims to serve as "professional mediators" for negotiations between attackers and victims to secure payments for stolen data. We reached out to the company, and AMD issued the following statement to Tom's Hardware:

"AMD is aware of a bad actor claiming to be in possession of stolen data from AMD. An investigation is currently underway." - AMD representative to Tom's Hardware.

Restore Privacy says it has reviewed data posted by RansomHouse that appears to include "network files, system information, as well as AMD passwords." However, it isn't clear yet if that data is genuine, or whether it comes directly from an attack on AMD or one of its subcontractors. As such, the attack remains unverified. 

Expanding the above tweet, you can see the group's posting on its website. RansomHouse has added AMD to a list of companies that it says "have either considered their financial gain to be above the interests of their partners/individuals who have entrusted their data to them or have chosen to conceal the fact they have been compromised," implying that AMD hasn't paid a ransom. 

The group claims that AMD used simple passwords like 'password' to protect its networks, leading to the breach. RansomHouse's posting says that AMD's network was breached on January 5, 2022, and that it is in possession of 450Gb of stolen data. Notably, the "Gb" used by the group means 450 gigabits of data, or 56.25 gigabytes (GB). We're not yet sure if the group has merely misused Gb or if this is the correct value. 

RansomHouse emerged in December 2021 and established an extortion market in May 2022. The group claims the Saskatchewan Liquor and Gaming Authority (SLGA) as its first victim, with other purported victims, like ShopRite, added later. 

News of the attack comes in the wake of the famed 'Gigabyte Hack' that found 112GB of data stolen from AMD partner Gigabyte. That information was later posted by the RansomEXX hacking group after Gigabyte/AMD apparently refused to pay a ransom. As a result, information about AMD's forthcoming Zen 4 processors was divulged prior to launch, and it later proved to be genuine information. We'll update as we learn more about this recent event. 

Paul Alcorn
Managing Editor: News and Emerging Tech


  • peachpuff
    Intel must be drooling 🤤
  • twocows360
    It won't happen, but if governments just made it illegal to pay the ransom (and gave those laws teeth), ransomware would largely go away. It exists because people will pay; make it scarier to pay than not to pay and most hacking groups won't find it worth the effort.
  • King_V
    twocows360 said:
    It won't happen, but if governments just made it illegal to pay the ransom (and gave those laws teeth), ransomware would largely go away. It exists because people will pay; make it scarier to pay than not to pay and most hacking groups won't find it worth the effort.

    I don't know if it's quite that simple. What's to stop them from selling the information? I mean, even if EVERY country somehow made it illegal to pay the ransom, and, of course, illegal to buy stolen goods, it's pretty obvious that there are a number of governments and/or corporations who are quite willing to buy stolen data.

    I mean, it's quite obvious that companies are quite willing to break the law in any number of ways, betting that they either won't get caught, or if they do, the penalty will be so small that it was worth breaking the law.
  • digitalgriffin
    King_V said:
    I don't know if it's quite that simple. What's to stop them from selling the information? I mean, even if EVERY country somehow made it illegal to pay the ransom, and, of course, illegal to buy stolen goods, it's pretty obvious that there are a number of governments and/or corporations who are quite willing to buy stolen data.

    I mean, it's quite obvious that companies are quite willing to break the law in any number of ways, betting that they either won't get caught, or if they do, the penalty will be so small that it was worth breaking the law.

    While I agree with you about it never being that simple, you "NEVER EVER PAY THE EXTORTIONISTS". Give a mouse a cookie...
  • funguseater
    twocows360 said:
    It won't happen, but if governments just made it illegal to pay the ransom (and gave those laws teeth), ransomware would largely go away. It exists because people will pay; make it scarier to pay than not to pay and most hacking groups won't find it worth the effort.

    Wait, you mean make it illegal like extorting companies for ransom. That's not working out so well.
  • twocows360
    funguseater said:
    Wait, you mean make it illegal like extorting companies for ransom. That's not working out so well.
    Only because it's harder to punish the people doing the extortion.

    Make it illegal and punishable with a fine that hits harder than the ransom would. And if you don't think that's fair to the would-be victim, consider that money going to ransomware extortionists often ends up in places like North Korea or in the hands of mobsters and despots, in the hands of human traffickers, etc. There's a substantial public benefit involved with making sure ransoms aren't paid even without getting into the effect on the ransomware industry it would have if nobody paid ransoms.
  • Kamen Rider Blade
    twocows360 said:
    Only because it's harder to punish the people doing the extortion.

    Make it illegal and punishable with a fine that hits harder than the ransom would. And if you don't think that's fair to the would-be victim, consider that money going to ransomware extortionists often ends up in places like North Korea or in the hands of mobsters and despots, in the hands of human traffickers, etc. There's a substantial public benefit involved with making sure ransoms aren't paid even without getting into the effect on the ransomware industry it would have if nobody paid ransoms.
    I concur, ransoms shouldn't ever be paid.

    Legally prohibiting it is what matters.
  • Giroro
    twocows360 said:
    Only because it's harder to punish the people doing the extortion.

    Make it illegal and punishable with a fine that hits harder than the ransom would. And if you don't think that's fair to the would-be victim, consider that money going to ransomware extortionists often ends up in places like North Korea or in the hands of mobsters and despots, in the hands of human traffickers, etc. There's a substantial public benefit involved with making sure ransoms aren't paid even without getting into the effect on the ransomware industry it would have if nobody paid ransoms.

    So your plan is to punish victims for reporting a crime? I'm not so sure that would have the intended results. Even if you were able to fully educate the population about the laws (laws are only a deterrent when people actually know about them), I'm reasonably sure that would just turn "don't pay the ransom" into "don't get caught paying the ransom".

    It would be a lot more effective to teach people to value their privacy and security, reinforce legal privacy protections and codify the idea that personal data is personal property that is constantly being stolen, and to frankly just teach people how to use their computers and how to interact in a connected world.
    Lesson #1: Just because something is written in your native language does not mean that it is true, nor does it mean that it was written by somebody who has your best interests in mind.

    Of course, a company like AMD should be leading by example. They're protecting crucial IP, valued at billions of dollars. That's a bit more valuable than your average person's photo collection and bank password.
  • domih
    Admin said:
    The RansomHouse extortion group claims to have 450Gb of stolen AMD data and is charging an unknown ransom.

    From the article: "...The group claims that AMD used simple passwords like 'password' to protect its networks, leading to the breach..."
    Damn, I did not see that one coming o_O

  • Math Geek
    if they are dumb enough to have super secret stuff accessible from the web, they deserve whatever happens to it.

    i can't imagine 450 gb is just hr files on employees. there has to be some juicy stuff included in that much data.