Gigabyte, the world’s leading manufacturer of computer components, is the latest high-profile victim of a sophisticated ransomware attack. The RansomEXX group has reportedly contacted the Taiwanese company and threatened to publish 112GB of stolen data.
The RansomEXX ransomware operation, which started as Defray, managed to cripple and compromise a few of Gigabyte's servers. Although the attack seems small, 112 GB of Gigabyte's data is apparently in the group's control.
Taiwanese Co. Gigabyte suffers Ransomware attack but servers not encrypted:
Gigabyte has suffered a ransomware attack. The company primarily manufactures motherboards for computers. However, it also mass-produces other computer components and hardware, such as graphics cards, data center servers, laptops, and monitors.
The RansomEXX ransomware operation hit the manufacturer late Tuesday night, and the company, upon realizing it was under attack, took necessary evasive actions.
Motherboard vendor GIGABYTE hit by RansomExx ransomware gang https://t.co/MP5EV3bPEa <- h/t to @CyberCaffeinate
Phrase of interest: "A spokesperson said the incident did not impact production systems." … I beg to differ. pic.twitter.com/xVXG1UftFj
— MikeTalonNYC (@MikeTalonNYC) August 6, 2021
After realizing it was being attacked, Gigabyte shut down its systems in Taiwan. The company's actions are reflected in quite a few of its official websites.
"Computer hardware giant GIGABYTE hit by RansomEXX ransomware"
Going after the big names, who are partners with top ones, and possibly have very sensitive information.
Do you have a proper security posture in order not to fall like…https://t.co/gXrWPxBELU https://t.co/bCezJszFSY
— tresronours cybersec (@tresronours) August 6, 2021
Several regular and new customers reported issues while accessing support documents or receiving updated information about RMA. Gigabyte has reportedly acknowledged the attack. The company added that the attack affected a small number of servers.
Gigabyte confirmed that it quickly shut down its IT systems and notified law enforcement. Incidentally, Gigabyte has not officially stated which ransomware operation performed the attack.
RansomEXX group most likely behind the attack:
Reports indicate the RansomEXX operation has left its digital fingerprints at the crime scene. The group even left behind a virtual calling card in the form of multiple ransom notes.
“These ransom notes contain a link to a non-public page meant to only be accessible to the victim to test the decryption of one file and to leave an email address to begin ransom negotiations.”
Hacking group RansomExx claims to have stolen company files from Gigabyte's servers.
PC component maker Gigabyte suffered a ransomware attack on Friday, ac…Read more: https://t.co/KwWvOEXuIH
— webnow🌎 (@webnowcompany) August 6, 2021
Apparently, the threat actors claim to have stolen 112 GB of data from an internal Gigabyte network as well as the American Megatrends Git Repository. The note states:
“We have downloaded 112 GB (120,971,743,713 bytes) of your files and we are ready to PUBLISH it.
Many of them are under NDA (Intel, AMD, American Megatrends).
Leak sources: newautobom.gigabyte.intra, git.ami.com.tw and some others.”
The group has also shared screenshots of four documents under NDA that they allegedly stole during the attack.
Screenshot of the RansomExx gang's extortion page, where they're threatening to release more than 112 GB of Gigabyte's data unless they get paid. pic.twitter.com/r9ivFBmnFk
— Catalin Cimpanu (@campuscodi) August 6, 2021
Some of the confidential documents allegedly include an American Megatrends debug document, an Intel “Potential Issues” document, an “Ice Lake D SKU stack update schedule,” and an AMD revision guide. The group has apparently promised that they will not be posting sensitive or confidential information on the Dark Web.
Needless to say, this is a developing story. As Gigabyte claims it has approached law enforcement, it is likely the company won’t pay the ransom.