Earlier this month, Western Digital revealed it was the victim of a “network security incident” and shut down its cloud-based services as a precautionary measure. The company was tight-lipped about the scope of the attack. Now the hackers behind the incident have demanded at least $10 million.
However, the information regarding the alleged ransom doesn’t come from Western Digital. One of the hackers behind the plot reached out to the tech news outlet TechCrunch to make their demands known. The hacker claims that they obtained around 10 terabytes of data from WD, including “reams of customer information,” and are pushing the company to pay a “minimum of 8 figures” to keep them from publishing the stolen data.
When TechCrunch sought to verify the hackers’ claims, it received a digital file with WD’s code-signing certificate as a demonstration that the hackers could now impersonate the company. Two security researchers examined the file and agreed it was a genuine certificate. The hackers also provided TechCrunch with the personal contact information of WD executives. Additionally, they shared screenshots of WD’s Box account, internal emails, a group call involving Western Digital’s chief information security officer, and other information confirming that hackers had deep access to the company’s systems.
According to the hackers, the purpose of the attack is to make money. But WD isn’t cooperating, TechCrunch reports. Company executives have not responded to personal emails and repeated phone calls. The hackers told TechCrunch that if Western Digital continues to stonewall, they will start publishing the stolen information on ransomware gang Alphv’s website.
For its part, Western Digital remains publicly silent on the attack. Outside of its initial disclosure of the “network security incident,” the company hasn’t communicated any information about the nature of the attack, what was stolen, or its plans to handle the crisis.
The only communication customers have received was an email announcing that the company’s cloud-based My Cloud Home was back online. And while the company thanked customers for their patience during the outage, it neither addressed the data hostage situation nor revealed further information about the hack.
And it’s worth noting that the restoration of My Cloud Home and the email announcement to customers occurred after TechCrunch published its story about its communication with the hackers. Additionally, TechCrunch reported that WD spokesperson Charlie Smalling declined to comment, answer questions about the hacker’s claims, or confirm details regarding what was stolen in the incident.
Review Geek has reached out to Western Digital for comment on these developments.