Taiwanese motherboard manufacturer Gigabyte has been attacked by the RansomEXX ransomware gang, which threatens to release 112GB of stolen data unless the ransom is paid.

Gigabyte is best known for its motherboards, but it also makes other computer components and hardware, such as graphics cards, data center servers, laptops, and monitors.

The attack forced the company to shut down systems in Taiwan. The incident also affected several of the company’s websites, including its support site and parts of the Taiwanese site.

Customers have also reported problems accessing support documents or receiving updated information about RMAs, possibly due to the ransomware attack.

According to the Chinese news site United Daily News, the company confirmed that it had suffered a cyber attack that affected a small number of servers.

After detecting abnormal activity across its network, the company shut down its IT systems and notified law enforcement.

Gigabyte under ransomware attack

While the company has not officially identified who is responsible for the ransomware attack, the information points to the RansomEXX group.

When RansomEXX encrypts a network, it leaves ransom notes on each encrypted device.

These ransom notes contain a link to a non-public page that is meant to be available only to the victim. The page lets the victim test decryption of a single file and leave an email address to start ransom negotiations.

The group claims that it stole 112GB of data from the company's internal network during the attack, as well as an American Megatrends Git repository.

The group also shared screenshots of four documents subject to a non-disclosure agreement stolen during the attack. The confidential documents include the American Megatrends debug document, the Intel Potential Problems document, the Ice Lake D SKU stack update schedule, and the AMD review guide.

The RansomEXX group originally started under the name Defray in 2018. However, it was rebranded to RansomEXX in June 2020 when it became more active.

Like other ransomware groups, RansomEXX breaches a network through Remote Desktop Protocol, exploits, or stolen login credentials.

Once on the network, it harvests more credentials as it slowly takes control of the Windows domain controller.

During this lateral spread across the network, the attackers steal data from unencrypted devices, which is then used for extortion.
