It's a story we've seen before, and one we'll undoubtedly see again.
A company gets breached, and a hacker tries to extort it for money.
The company in this case? Global chip maker AMD. The hacker? Someone who uses the online moniker "Palesa."
So far, though, AMD has expressed no desire to pay and is publicly downplaying the significance of the exfiltrated data.
AMD data breach response
On March 25, 2020, AMD posted this statement on its website:
At AMD, data security and the protection of our intellectual property are a priority. In December 2019, we were contacted by someone who claimed to have test files related to a subset of our current and future graphics products, some of which were recently posted online, but have since been taken down.
While we are aware the perpetrator has additional files that have not been made public, we believe the stolen graphics IP is not core to the competitiveness or security of our graphics products. We are not aware of the perpetrator possessing any other AMD IP.
We are working closely with law enforcement officials and other experts as a part of an ongoing criminal investigation.
The perpetrator in question contacted SecurityWeek about the nature of the stolen files:
A hacker who uses the online moniker "Palesa" claims to have obtained source code files related to several AMD graphics processing units (GPUs), including the Navi 10 architecture, which is used in some Radeon RX 5000-series graphics cards, the upcoming Navi 21, and Arden. Arden is the codename for the GPUs that will power Microsoft's upcoming Xbox Series X consoles.
Palesa told SecurityWeek that the files were taken from a server owned by AMD, not from a contractor. The hacker is hoping to obtain some money for the files, either from AMD or someone else.
So far, AMD has refused to answer Palesa's extortion attempt, though the hacker has allegedly received some "good offers in bitcoin" from others for the files.
Cyber extortion is a growing trend
Cyber extortion is a growing trend that organizations and cybersecurity teams are likely to face, not just in one-off situations like this, but also as a widespread cybercrime shift.
Several ransomware operators now add extortion to data encryption during their attacks. And this is both a B2B and a B2C threat. We reported on this in "Hackers Try to Extort Plastic Surgery Patients."
Here is a complimentary web conference resource that can help: "Now that Ransomware Has Gone Nuclear, How Can You Avoid Becoming the Next Victim?" The web conference is available live or on-demand.