Gigabyte suffers ransomware attack: RansomEXX group threatens to release 112GB of confidential and sensitive information

Another company suffers a Ransomware attack. Pic credit: Marco Verch Professional/Flickr

Gigabyte, the world’s leading manufacturer of computer components, is the latest high-profile victim of a sophisticated ransomware attack. The RansomEXX group has reportedly contacted the Taiwanese company and threatened to publish 112GB of stolen data.

The RansomEXX ransomware operation, which started as Defray, managed to cripple and compromise a few of Gigabyte's servers. Although the attack seems small, 112GB of Gigabyte's data is apparently in the group's control.

Taiwanese Co. Gigabyte suffers Ransomware attack but servers not encrypted:

Gigabyte has suffered a ransomware attack. The company mainly manufactures motherboards for computers. However, it also mass-manufactures other computer components and hardware, such as graphics cards, data center servers, laptops, and monitors.

The RansomEXX ransomware operation hit the manufacturer late Tuesday night, and the company, upon realizing it was under attack, took necessary evasive actions.

After realizing it was being attacked, Gigabyte shut down its systems in Taiwan. The company's actions are reflected in quite a few of its official websites.

Several regular and new customers reported issues while accessing support documents or receiving updated information about RMA. Gigabyte has reportedly acknowledged the attack. The company added that the attack affected a small number of servers.

Gigabyte confirmed that it quickly shut down its IT systems and notified law enforcement. Incidentally, Gigabyte has not officially stated which ransomware operation performed the attack.

RansomEXX group most likely behind the attack:

Reports indicate the RansomEXX operation has left its digital fingerprints at the crime scene. The group even left behind a virtual calling card in the form of multiple ransom notes.

“These ransom notes contain a link to a non-public page meant to only be accessible to the victim to test the decryption of one file and to leave an email address to begin ransom negotiations.”

Apparently, the threat actors claim to have stolen 112 GB of data from an internal Gigabyte network as well as the American Megatrends Git Repository. The note states:

“We have downloaded 112 GB (120,971,743,713 bytes) of your files and we are ready to PUBLISH it.
Many of them are under NDA (Intel, AMD, American Megatrends).
Leak sources: newautobom.gigabyte.intra, git.ami.com.tw and some others.”

The group has also shared screenshots of four documents under NDA that they allegedly stole during the attack.

Some of the confidential documents allegedly include an American Megatrends debug document, an Intel “Potential Issues” document, an “Ice Lake D SKU stack update schedule,” and an AMD revision guide. The group has apparently promised that they will not be posting sensitive or confidential information on the Dark Web.

Needless to add, this is a developing story. As Gigabyte claims it has approached law enforcement, it is likely the company won’t pay the ransom.
