RansomHouse extortion group claims AMD as its latest victim

AMD said it is investigating a potential data breach after RansomHouse, a relatively new cybercrime operation, claimed to have stolen data from the U.S. chipmaker.

An AMD spokesperson told TechCrunch that the company “is aware of a bad actor claiming to be in possession of stolen data,” adding that “an investigation is currently underway.”

RansomHouse, which earlier this month claimed responsibility for a cyberattack on Shoprite, Africa’s largest retailer, says it breached AMD on January 5 and stole 450GB of data. The group says it targets companies with weak security, and claims it was able to compromise AMD because weak passwords were in use throughout the organization.

“An era of high-end technology, progress and top security… there’s so much in these words for the crowds. But it seems those are still just beautiful words when even technology giants like AMD use simple passwords to protect their networks from intrusion,” RansomHouse wrote on its data leak site. “It is a shame those are real passwords used by AMD employees, but a bigger shame to AMD Security Department which gets significant financing according to the documents we got our hands on — all thanks to these passwords.”

Brett Callow, a ransomware expert and threat analyst at Emsisoft, told TechCrunch there’s no reason to doubt the group’s claims. “Ransomware operators are untrustworthy bad-faith actors and all their claims should be viewed with skepticism,” he said. “That said, as far as I’m aware, none of the claims they’ve made to date have proven to be false.”

A portion of the stolen data leaked by RansomHouse and seen by TechCrunch suggests that AMD employees were using passwords as simple as “password,” “123456” and “Welcome1.” Other data posted by the group appears to include network files and system information. It’s unclear if a ransom demand has been made to AMD, but RansomHouse advises victims to contact its support team to receive “further instructions” on how to prevent full data disclosure.

AMD would not say if it had received a ransom demand, nor would it say which of its systems had been targeted or whether customer data was accessed as a result. The chipmaker also declined to answer any questions regarding its password security measures.

Unlike other cybercrime gangs, RansomHouse claims it is not a “ransomware” group; instead it describes its operation as a “professional mediators community,” even though the end goal of extorting companies for money remains the same.

“We have nothing to do with any breaches and don’t produce or use any ransomware,” RansomHouse says on its dark web site. “Our primary goal is to minimize the damage that might be sustained by related parties. RansomHouse members prefer common sense, good conflict management and intelligent negotiations in an effort to achieve fulfilment [sic] of each party’s obligations instead of having non-constructive arguments.”

RansomHouse first emerged in December 2021 and currently lists six victims on its data leak site, the first of which was Canada’s Saskatchewan Liquor and Gaming Authority (SLGA).