RansomHouse, a relatively new extortion group, claims to have "more than 450Gb" of hacked data from AMD, according to a report from Restore Privacy. @campuscody has also independently posted information about the stolen data. The RansomHouse extortion group claims to not use ransomware or conduct breaches itself — instead, it claims to serve as "professional mediators" for negotiations between attackers and victims to secure payments for stolen data. We reached out to the company, and AMD issued the following statement to Tom's Hardware:
"AMD is aware of a bad actor claiming to be in possession of stolen data from AMD. An investigation is currently underway." AMD representative to Tom's Hardware.
Restore Privacy says it has reviewed data posted by RansomHouse that appears to include "network files, system information, as well as AMD passwords." However, it isn't clear yet if that data is genuine, or whether it comes directly from an attack on AMD or one of its subcontractors. As such, the attack remains unverified.
The RansomHouse leak group has claimed today that they have data from chipmaker AMD. Unverified. There were some rumors earlier this year that AMD was hit by ransomware, but they were never officially confirmed. (via @CSICCybersecur1) pic.twitter.com/gGybb3lwzq June 27, 2022
Expanding the above tweet, you can see the group's posting on its website. RansomHouse has added AMD to a list of companies that it says "have either considered their financial gain to be above the interests of their partners/individuals who have entrusted their data to them or have chosen to conceal the fact they have been compromised," implying that AMD hasn't paid a ransom.
The group claims that AMD used simple passwords like 'password' to protect its networks, leading to the breach. RansomHouse's posting says that AMD's network was breached on January 5, 2022, and that it is in possession of 450Gb of stolen data. Notably, the "Gb" used by the group means 450 gigabits of data, or 56.25 gigabytes (GB). We're not yet sure if the group has merely misused Gb or if this is the correct value.
The RansomHouse group claimed on their site that they don't deploy ransomware, so this might be a failed attack where someone is trying to monetize some stolen data. https://t.co/qAwYYPn8W5 June 27, 2022
RansomHouse emerged in December 2021 and established an extortion market in May 2022. The group claims the Saskatchewan Liquor and Gaming Authority (SLGA) as its first victim, with other purported victims, like ShopRite, added later.
News of the attack comes in the wake of the famed 'Gigabyte Hack' that found 112GB of data stolen from AMD partner Gigabyte. That information was later posted by the RansomEXX hacking group after Gigabyte/AMD apparently refused to pay a ransom. As a result, information about AMD's forthcoming Zen 4 processors was divulged prior to launch, and it later proved to be genuine information. We'll update as we learn more about this recent event.