Return to list of client alerts
Western Digital has been investigating a breach of customer information since early April. They have concluded that customer information such as names, physical addresses, emails, phone numbers, encrypted passwords and partial credit card numbers were stolen.
Ransomware group BlackCat wants an 8-figure ransom and they claim to have the company’s code signing certificate, which Western Digital sort of, kind of denies. What they said is that they are equipped to revoke code-signing certificates if needed, but that doesn’t mean that the client software is prepared to deal with that.
This is kind of normal, nothing to see here, so why the alert?
Because the hackers decided to poke Western Digital in the eye by posting a screen cap of a video conference call of the company’s incident response team meeting.
We always tell clients not to use their existing infrastructure when they are investigating a breach. This is why. I have not seen any more embarrassing evidence of this than this case. Likely the hackers were or are still inside the company’s network after the breach and during the investigation.
Assume that your existing infrastructure is compromised after a breach and proceed accordingly. If you need help dealing with this after a security incident, please contact us.
Credit: Dark Reading