Gigabyte suffers from ransomware attack
Taiwanese motherboard manufacturer Gigabyte has been attacked by ransomware group RansomEXX, which threatened to reveal 112 gigabytes of stolen data if a ransom was not paid.
Gigabyte is best known for its motherboards, but it also manufactures other computer hardware and components such as graphics cards, data center servers, laptops, and monitors.
The attack forced the company to shut down its systems in Taiwan. The incident also affected several of the company's sites, including parts of its support site and its Taiwanese site.
Customers have also reported problems accessing support materials or receiving updated RMA information, possibly as a result of the ransomware attack.
According to Chinese news site Lianhe Daily, the company confirmed that it had suffered a cyber attack that affected a few servers.
After discovering unusual activity on its network, the company shut down its computer system and notified law enforcement agencies.
Although the company has not officially identified who is responsible for the ransomware attack, the information points to the RansomEXX group.
When RansomEXX encrypts the network, it places ransom notes on every encrypted device.
These ransom notes contain a link to a non-public page that only the victim can access. The page is used to test-decrypt individual files and to leave an email address to start ransom negotiations.
The group claimed that during the attack it stole 112 gigabytes of data from the company's internal network and from the American Megatrends Git repository.
The group also shared screenshots of four documents covered by non-disclosure agreements that were stolen in the attack. The sensitive files include American Megatrends debug files, potentially problematic Intel files, an Ice Lake D SKU stack upgrade plan, and AMD verification instructions.
The RansomEXX group was originally established in 2018 under the name Defray. As it became more active, it was renamed RansomEXX in June 2020.
Like other ransomware organizations, RansomEXX infiltrates the network via Remote Desktop Protocol and uses or steals credentials.
Once inside the network, it collects more credentials as it slowly takes control of the Windows domain controller.
While spreading laterally across the network in this way, the group steals data from devices that have not yet been encrypted, and that data is then used for extortion.