Cyber Incident Victim: ADATA Technology Co., Ltd.

On May 23, 2021, Taiwan-based memory and storage manufacturer ADATA suffered a ransomware attack that forced the company to take impacted systems offline. The company confirmed the incident occurred in late May and stated it immediately suspended affected systems upon detection. ADATA manufactures DRAM memory modules, NAND Flash products, SSDs, and industrial solutions, ranking as the world's second-largest DRAM and SSD maker in 2018. The company notified international authorities to assist in tracking the attackers and initiated recovery efforts. Business operations experienced initial disruption but resumed normal functionality through contingency measures, with affected devices being restored and security systems upgraded. ADATA emphasized its commitment to strengthening system protections following the incident but did not disclose operational specifics about the ransomware group involved or any ransom demands.

The Ragnar Locker ransomware gang claimed responsibility for the attack, alleging they exfiltrated 1.5TB of sensitive data prior to deploying ransomware payloads. The group published screenshots of stolen files on their dark web leak site as proof, threatening full data leakage unless ADATA paid the ransom. Compromised data included proprietary business information, financial records, Gitlab and SVN source code repositories, legal documents, employee information, non-disclosure agreements, product schematics, and work folders. Ragnar Locker operators were known for terminating remote management software like ConnectWise and Kaseya during attacks to evade detection by managed service providers. The FBI had previously warned about escalating Ragnar Locker activity following a 2020 attack on a multinational network, highlighting their focus on enterprise targets. ADATA did not confirm the validity of Ragnar Locker’s data theft claims but maintained that recovery efforts prioritized system restoration and security enhancements.