Hackers Taunt Western Digital Response Team With Leaked Image
BlackCat has reportedly published screenshots of internal emails and video conferences pilfered from Western Digital, suggesting their continued access to the firm’s systems despite the firm’s breach response.
Moreover, the leak comes after BlackCat warned Western Digital on April 17th that it would keep hurting the company until it could no longer withstand the damage if it did not pay a ransom.
A Look Into March Cyberattack
On March 26th, Western Digital suffered a cyberattack in which threat actors breached its internal network and stole company data. However, no ransomware was executed and no files were encrypted.
In response, the firm shut down its cloud services for two weeks, including My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS 5, SanDisk ibi, SanDisk Ixpand Wireless Charger, and web apps.
Subsequently, the threat actors revealed samples of the stolen data, which included signed files and code-signing keys, unlisted corporate phone numbers, and screenshots of other internal data.
Notably, the intruder claimed not to be affiliated with the BlackCat ransomware operation. Shortly after, a message appeared on the gang’s data leak site, warning that Western Digital’s data would be publicly leaked if ransom negotiations failed.
ALPHV Taunts Western Digital
Security researcher Dominic Alvieri revealed that, in a further attempt to taunt and embarrass Western Digital, the hackers have released twenty-nine screenshots of emails, documents, and video conferences related to the company’s response to the attack.
Shortly after a firm discovers a breach, one of the first countermeasures is to figure out how the threat actor gained access to the network and block that path.
However, there is a gap between detection and response, during which the threat actor’s access can persist even after an attack is detected, allowing them to observe the firm’s response and steal more data.
With the leaked screenshots, the BlackCat threat actors are signaling that they had continued access to some of Western Digital’s systems, as the images show video conferences and emails about the attack.