Western Digital has restored all of its services, following a cyber attack earlier this month. However, the cyber burglars reportedly involved, have now answered questions from TechCrunch. They state that they had withdrawn ten terabytes of data and are now demanding an eight-digit ransom. They are coercing the company to negotiate the ransom in order not to publish the stolen data in return. The burglars have proved their ability to impersonate the company and have leaked non-public phone numbers of company managers. Although nobody answered the phone, two of the numbers had an answering machine with the names of the executives.
Screenshots taken by the cybercriminals show a folder from a Box account believed to belong to WD, an email, files from a PrivateArk instance, and a group call in which one participant posed as WD’s Chief Information Officer (CISO). They also reveal that they have stolen data from the SAP systems. However, they would have decided against using ransomware to encrypt the data. They would have called many times and sent e-mails to the executives’ personal e-mail addresses, in which they demanded a one-time payment, but received no response.
A company spokesman declined to comment or answer questions regarding the alleged attackers’ claims. The cyber burglars threatened to publish the data on the Darknet site of the AlphV cybergang in the event of non-payment. They classified themselves and AlphV as professionals, but did not disclose the name of their group. AlphV is considered particularly ruthless; it has released sensitive data such as cancer patients’ nude photos from Lehigh Valley Health Network.
Details of the cyber attack were not known to the company. Western Digital only explained that unauthorized third parties were able to access data from the systems. The attack had interrupted parts of business operations, leading to the failure of services such as “My Cloud”; even local access to many NAS was not possible. However, the company was able to turn the traffic light for “Local Access” to green over Easter, providing assistance on how at least access to the local data on the NAS could be achieved again.