Friday, April 14th 2023

Western Digital My Cloud Service Hacked, Customer Data Under Ransom

Western Digital has declared that its My Cloud online service was compromised by a group of hackers late last month: "On March 26, 2023, Western Digital identified a network security incident involving Western Digital's systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the Company's systems. Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts. This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities."

The statement, issued on April 4, continues: "The Company is implementing proactive measures to secure its business operations including taking systems and services offline and will continue taking additional steps as appropriate. As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services. Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data. While Western Digital is focused on remediating this security incident, it has caused and may continue to cause disruption to parts of the Company's business operations."

According to a news feature published by TechCrunch, its author has been in contact with the perpetrator(s) responsible for the attack. The group claims that it has stolen around 10 terabytes of data from the company, and that a significant chunk of it is customer information. A ransom request in the region of "a minimum 8 figures" has been put to Western Digital in exchange for the return of the stolen data. WD is facing the threat of its cloud customers' (previously private/secure) information being published across the internet, with the first port of call being the website operated by ransomware crew Alphv (aka BlackCat). The hackers deny having any direct links to Alphv/BlackCat, but do acknowledge that they are appreciated for being "professional" within the online crime sector.

TechCrunch was granted access to a small sample of evidence courtesy of its contact within the hacking organization - including active customer phone numbers and a file that had been digitally signed with Western Digital's code-signing certificate. The hackers have boasted that they have also broken through enough security measures to reach internal Western Digital staff systems - including corporate emails, e-commerce material and back-end interfaces.

The hackers are plainly motivated by the potential of making a lot of money from the attack - part of their statement (directed at WD) reads: "We only need a one-time payment, and then we will leave your network and let you know about your weaknesses. No lasting harm has been done. But if there are any efforts to interfere with us, our systems, or anything else. We will strike back. We are still buried in your network and we will keep digging there until we find a payment from you. We can completely conceal this and make it all disappear. Before it is too late, let us do that. Until now, you have been gracious; let's hope that you do not keep going the wrong way. Cut the crap, get the money, and let's both go our separate ways. Simply put, let us put our egos aside and work to find a resolution to this chaotic scenario."

Western Digital has yet to publish any official statement regarding potential interactions or negotiation proceedings occurring between it and the ransom holders.
Sources: TechCrunch, Business Wire, Varonis Blog, Radware, emsisoft.com Blog

41 Comments on Western Digital My Cloud Service Hacked, Customer Data Under Ransom

#26
ymbaja
R0H1T wrote: Yes generally speaking the big boys are much much better at it than anyone except perhaps doomsday preppers, never had any issues with my Gmail/google/Hotmail/outlook/AWS accounts. So in that they "can be" trusted a lot more, but having this data physically near you feels more "secure" for most people out there ~ even though in reality it's not.
While I agree the difference is centralized data is a huge target for attackers vs some random drive at “Bob’s” house.
#27
Minus Infinity
Bit fucking late to be proactive after the hack don't you think?
#28
Tsukiyomi91
local data vault/archive >>>> any "cloud" services. Putting your own personal data on a cloud storage is NEVER a good idea, not to mention putting your trust on WD's track record of piss-poor management.
#29
AusWolf
Harthad
Exactly!

What have I always said about never storing precious and personal data on the cloud? Mmm... I can't remember. :rolleyes:
#30
bobbybluz
There's a very good reason why I have around 30 external HDD's full of data and another 5 with only backup .iso's of operating systems on them.
#31
Bones
And yet another example and reason why I have never before or ever will trust "The Cloud" since it can be hacked with all your shit taken or trashed - Maybe both.
And that's just the data itself, no telling what else they can do after they go through it all.
ymbaja wrote: While I agree the difference is centralized data is a huge target for attackers vs some random drive at “Bob’s” house.
Don't be so complacent "Bob"..... Even your shit has value to a hacker and could be taken for about any reason you can put a name to - You fit a certain demographic type, the hacker is just bored that day, maybe looking for an E-Z target to help pad their quota count of the day..... Hacker's rage and you just wandered into the line of fire with a simple, innocent mouse click over at your favorite pron site......Who really knows?

TBH all they need is just one to do it and if they've got it well.... Guess what?

Yep - They DID take it from you Bob and you "took it" from them too!!
#32
SamirD
bobbybluz wrote: I'm over 70. I still pay for most things by check, write actual snail mail letters and make plenty of telephone calls. Growing up around professional criminals made me very aware of security related things.
Yep, there's a lot of 'if it isn't broken, don't try to fix it' that the young kids with their stupidly named companies and 'white board' ideas need to learn.

My mom and dad once met and attended a security seminar by the guy who was the subject of the movie 'Catch Me If You Can'. The stuff they said he told them about how to avoid scams was mindblowing at the time--stuff you would never think of and yet was dead obvious.
R0H1T wrote: Anything that's connected to the internet is at risk, if you really have something that important just keep it off the net.
Yep--'the only winning move is not to play'
Ferrum Master wrote: Remembers investing building my own OMV based home DIY NAS.

Reads this and thinks it pays off being paranoid.
It always helps to err on the side of caution. :)
A Computer Guy wrote: For really important stuff I go out into the woods with ski masks, night vision goggles, and a variety of musical tambourines for tapping out encrypted Morse code.
:laugh::laugh: Funniest thing I've read this week!
MentalAcetylide wrote: People want everything accessible 24/7 from everywhere, so this is what we get. Until there's an arm long enough to reach out & throttle the perpetrators, this is just going to keep happening. It's a lot easier for them to find exploits than it is to design a system with no exploits when it comes to data & computer networks.
And these are facts that people really need to digest when determining what they think is 'safe'. The last statement about how it is easier to find exploits than design a system with no exploits should really stand out.
ymbaja wrote: While I agree the difference is centralized data is a huge target for attackers vs some random drive at “Bob’s” house.
Yep, and the bigger the payoff, the greater will be the effort. It's why bigger companies usually get in the crosshairs before smaller ones do.
#33
R-T-B
There are ways to set up a truly secure cloud, but due to legal compliance issues, no big provider really uses them.

That makes all this possible.
#34
lemonadesoda
Everybody, and I mean EVERYBODY, who is a member of this forum, has the competence to set up a home or SOHO NAS. And give it no access to/from the internet. If they want remote features, then it is equally easy to set up an air-gapped backup of said NAS.

The only thing holding most people back is cantbebotheredness. A terrible illness plaguing the lazy.

Dare I say it? I've got a foot in both camps. But this article, thread and my comment, will hopefully kick me up the backside to get that new server and NAS installed that was on my to-do list since December?
#35
AusWolf
lemonadesoda wrote: Everybody, and I mean EVERYBODY, who is a member of this forum, has the competence to set up a home or SOHO NAS. And give it no access to/from the internet. If they want remote features, then it is equally easy to set up an air-gapped backup of said NAS.

The only thing holding most people back is cantbebotheredness. A terrible illness plaguing the lazy.

Dare I say it? I've got a foot in both camps. But this article, thread and my comment, will hopefully kick me up the backside to get that new server and NAS installed that was on my to-do list since December?
I don't trust home servers, either. When I need data portability, USB sticks and external hard drives are the fastest and most secure way.
#36
lemonadesoda
AusWolf wrote: I don't trust home servers,
What don't you trust? The server/NAS or the firewall between it and your WAN?

But I do agree, for "planned jobs" having a USB/external HDD is the fastest, simplest, and safest way to go
#37
trsttte
lemonadesoda wrote: The only thing holding most people back is cantbebotheredness. A terrible illness plaguing the lazy.
There's another reason, money. It's cheaper to get bad solutions like this WD cloud even if not by much.
#38
R-T-B
lemonadesoda wrote: Everybody, and I mean EVERYBODY, who is a member of this forum, has the competence to set up a home or SOHO NAS.
You have much more confidence than me.
#39
AusWolf
lemonadesoda wrote: What don't you trust? The server/NAS or the firewall between it and your WAN?
The firewall. If a device is connected to the internet, it can be hacked.
#40
Steevo
My cloud backup is a 4TB drive in a safe, and burned DVD copies of extremely important things, and some online files.
#41
lemonadesoda
R-T-B wrote: You have much more confidence than me.
I have a little hope and faith. With experience you learn that most people don't have any competence whatsoever and are good for nothing but bread, circus, and enslavement. But that's a different story.

Let's rephrase it: with a how-to, most people on this forum should be able to follow the instructions. Whether they will choose to invest their time and do it properly is another matter...