According to a report by TheRecord, Gigabyte has been the target of a ransomware attack that could end up significantly affecting business operations over the next few weeks. Details sourced by the publication reveal that hackers operating under the name "RansomExx" have encrypted almost 112 GB worth of files and are threatening to publish documents that are highly confidential if their demands are not met. This differs from the usual ransomware scenario, where files are encrypted locally but not exfiltrated from the local IT hardware.
RansomExx gang threatens to dump 112 GB worth of data containing confidential Intel, AMD, AMI and potentially NVIDIA documentation
While NVIDIA wasn't mentioned, it is highly likely that documents pertaining to NVIDIA Corporation are part of this threat too, as Gigabyte produces their GPUs as well as Intel/AMD CPUs and American Megatrends documented motherboards.
We have downloaded 112 GB (120,971,743,713 bytes) of your files and we are ready to PUBLISH it.
Many of them are under NDA (Intel, AMD, American Megatrends).
Leak sources: [redacted]gigabyte.intra, git.[redacted].tw and some others.
Message on RansomExx extortion page
The ransom note was found by the source on a dark web page. It warns readers not to contact the group unless they have the ability to act on behalf of the company. Interestingly, the actual ransom demand wasn't listed on this page (or wasn't screenshotted).
To prove they had access to the 112 GB of confidential data, the attackers posted a screenshot of potential vulnerabilities (we have blurred out the details as some of these could be unpatched at the time of writing). GIGABYTE didn't comment on the issue apart from stating that it had isolated the infected servers from the rest of its network and notified law enforcement.
Ransomware attacks on megacorporations, while expensive, are usually harmless in the long run. This is because big companies have immaculately managed IT departments that keep offsite backups, which can be used to recover from a ransomware attack in a few weeks. Unfortunately for Gigabyte, however, there appears to be an exfiltration element to this attack (which is unusual). Not only did the attackers encrypt all data locally, they also claim to have exfiltrated almost 112 GB of data. This could prove extremely worrisome for Gigabyte and its stakeholders, as the confidential documents could contain everything from vBIOS encryption keys (the thing that keeps LHR GPUs secure) to floor plans, design documentation, and unpatched zero-day vulnerabilities.
According to TechPowerUp, the attack allegedly occurred on the 2nd of August. It is another in a string of cyber attacks on Taiwanese chip companies, which have included big names like Acer and Compal in the past. RansomExx is a very high-profile attacker that has previously exfiltrated data from the Brazilian government, the Texas Department of Transportation, Italy's Lazio region and Ecuador's state-run Telecommunication Company. This is a developing story and we will provide an update when it becomes available.