In December 2021, a hacker group emerged, called RansomHouse. This is a data extortion cybercriminal organization that mainly launches attacks through the dark web. What is rare is that this organization also created a Telegram channel to record daily activities.

2024/05/05 11:20:32 digitals 1494


Back in January of this year, RansomHouse compromised AMD and stole hundreds of gigabytes of data.

To prove that the attack was real, RansomHouse published a data sample. These days, attackers who substantiate their own intrusion claims like this are indeed rare.


Among the disclosed data samples is a leaked CSV file listing more than 70,000 devices that appear to belong to AMD's internal network.

Additionally, there is a list of AMD corporate user credentials, including weak passwords such as password, P@ssw0rd, Welcome1, etc.

If this is the case, such common and simple weak passwords can be cracked by attackers in a few minutes, letting them into AMD's internal systems without any effort.

Generally speaking, trying common passwords to gain access to a victim's network is a routine technique. Anyone who pays a little attention to network security will be familiar with this method.

However, this time, the situation is slightly different.

According to RansomHouse itself, AMD only uses "simple passwords" to protect the network.

"In such an era of advanced technology, even technology giants like AMD only use some simple passwords, and these passwords are indeed used by AMD employees. We are very sorry for this, but we are very grateful to the AMD security department. It would be even more embarrassing, after all, they also received a construction fund due to the data leak."

In this attack, RansomHouse fully displayed its unconventional style. It had already been recording its daily activities on Telegram, and this time it turned the disclosure into a guessing game, letting the public guess which company it had hacked.


With this kind of interaction, everyone put their ingenuity to work. Surprisingly, AMD could not sit still.

It was not until June 28 that AMD issued a statement, revealing that it was the answer to the guessing game.

AMD said it is aware of criminals claiming to have stolen data from AMD, and the company is currently investigating the situation.

Roger Grimes, data-driven defense evangelist for security awareness training company KnowBe4 Inc, said: "AMD and any high-tech company should require phishing-resistant multi-factor authentication for all logins, or if MFA is not available, require strong and unique passwords. Any lesser practice without adequate countervailing controls would be considered an oversight by most computer security experts."

"It's ironic that AMD employees are still using 'password' as the password for critical network access," Gurucul added. "How does this still happen in a company that has savvy security engineers? It's frankly beyond comprehension. It's time to change all your passwords and clean up your security controls. Seriously, it's time."

As mentioned above, RansomHouse has been operating since December 2021, and its first target was the Saskatchewan Liquor and Gaming Authority (SLGA).

RansomHouse gained notoriety earlier this month when it leaked data from ShopRite, Africa’s largest retail chain.

Now AMD has officially joined the ranks of victims.

RansomHouse’s darknet website lists a total of six victims from around the world.

RansomHouse describes these victims as follows: "These companies either believe their financial interests outweigh the interests of the partners/individuals who entrust their data to them, or they choose to hide the fact that they have been compromised."


Unlike other cybercrime groups, RansomHouse doesn’t actually claim to be a “ransomware” group; it has always called itself a “community of professional mediators.”

In addition, the group has stated that it does not produce ransomware or encrypt data, which is a significant difference from other notorious ransomware groups.

The RansomHouse website also states: "We are not associated with any breaches and do not produce or use any ransomware. Our main objective is to minimize the damage that may be suffered by the parties involved."

However, a description of ransomware that surfaced earlier clearly shows that the group is connected to ransomware organizations.

The investigation into this attack is still ongoing, and AMD will not be the last company to be hacked. Although network attacks are difficult to prevent, it is really unbelievable that the company was defeated by weak passwords.


Text | Muzi Yanni
