Western Digital, the digital storage giant, discovered a cyberattack on March 26. In response, the company shut down some services and informed customers about the cyberattack in early April. However, Western Digital did not provide any updates until May 5. Just days after the company’s second public statement, a ransomware group known as Alphv/BlackCat began publishing screenshots that revealed the extent of their access. The screenshots showed video calls, emails, internal documents related to the cyberattack, internal tools, invoices, and confidential communications.
The hackers threatened to make customers’ personal information, firmware, code signing certificates, and intellectual property public unless Western Digital paid up. On Friday, Western Digital confirmed that the hackers had accessed a database associated with its online store, which contained customers’ personal information such as name, billing and shipping address, phone number, email address, hashed and salted password, and partial credit card number.
Western Digital expects to restore the online store during the week of May 15, and the My Cloud service, which was also shut down following the hack, was restored in mid-April. While Western Digital is still investigating the validity of other data made public by the ransomware group, the company provided clarifications regarding digital certificates.
The company has confirmed that it has control over its digital certificate infrastructure and can revoke certificates as needed to protect customers from the fraudulent use of digital signing technology. Meanwhile, a different ransomware group hacked computer manufacturer MSI and recently leaked what appeared to be firmware image signing keys and Intel BootGuard keys associated with several major vendors.
Firmware security company Binarly has analyzed the leaked keys and warned of potentially severe consequences. According to CEO Alex Matrosov, the signing keys for firmware images allow an attacker to craft malicious firmware updates that can be delivered through a normal BIOS update process with MSI update tools. Additionally, the Intel BootGuard keys leak impacts the whole ecosystem and makes this security feature useless.