Western Digital, the California-based IT storage company is about to see a huge raft of sensitive customer and corporate data get released online after refusing to negotiate with the ALPHAV ransomware group.
Back in March, the company was attacked by a then unknown threat actor who gained access to a number of internal systems.
A statement at the time from the company said “Based on the investigation to date, the company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data”
Service status reports on the Western Digital website show that customers who use the “my Cloud”, “My Home Cloud”, “My Home Cloud Duo”, “My Cloud OS5”, “SanDick ibi”, and the “SanDisk Ixpand Wireless Charger” services were all affected, although these services are now all back functioning normally.
What we have here is a failure to communicate
According to the ALPHAV blog on the dark web, Western Digital have steadfastly refused to negotiate with the attackers, and a comment directed at David Goeckeler suggests that those behind ALPHAV are about to ruin Western Digitals business.
He didn’t get in touch or glance at the webpage. Don’t be concerned, David. I’ll dismantle your wealth now. You appear so immense and influential.
ALPHAV
The message on the ALPHAV website states that on an unspecified day this coming week, ALPHAV will start to “share leaks every week until we lose interest. Once that happens, we will put their intelectual property up for sale, including code signing certificates, firmware, PII of customers, and more.”
To back up their claims, ALPHAV have included a number of screenshots on their website showing various internal files, emails, and Teams video calls
In a final comment to Western Digital , ALPHAV state that there is no more time to chat with them, and to prepare for the gradual fallout.
I wouldn’t want to be a WD customer at the moment…
Time will tell what data will be exposed in the coming weeks