Taiwanese memory and storage chip maker ADATA was hit by the Ragnar Locker ransomware attack, where the gang have published download links for more than 700GB of stolen data.
A set of 13 archives, allegedly containing sensitive ADATA files, was made publicly available at a cloud-based storage service for some time.
The ransomware actor published the download links to a new set of ADATA corporate documents on their leak site, warning that the links would not stay for long.
Ragnar Locker ransomware gang initially published the archive on the MEGA storage service, but the platform closed their account and blocked access to the archives shared by the group.
Two of the leaked archives are large, which comes over 100GB, but most of them that could have been easily downloaded are less than 1.1GB large.
According to the file metadata published by the threat actor, the largest archive is close to 300GB while another large one is 117GB in size.
By looking at the names of the archives, Ragnar Locker likely stole from ADATA documents containing financial information, non-disclosure agreements, among other types of details.
The ransomware attack on ADATA occurred on May 23rd, 2021, that forced them to take systems offline.
The data leak clearly indicates that ADATA did not pay the ransom and restored the affected systems on its own.
The threat actor claims to have stolen 1.5TB of sensitive files before deploying the encryption routine. They stated that they offered to cooperate to fix the vulnerabilities and to restore the system and avoid any publication regarding this issue. But the company did not value much of their own private information, as well as partners/clients/employees/customers information.
The recently leaked batch of archives is the second one that Ragnar Locker ransomware publishes for ADATA. The previous one was posted earlier this month and includes four small 7-zip archives (less than 250MB together) which are still available for download.