Gigabyte hit with ransomware attack by infamous RansomExx group

Asian tech company Gigabyte has fallen victim to a ransomware attack. The attackers allegedly stole 112 gigabytes of sensitive business data. They threaten to make this data public unless the company pays an undisclosed ransom.

Gigabyte confirms to the Chinese news site United Daily News that the ransomware attack took place on the night of Tuesday to Wednesday local time last week. According to BleepingComputer, RansomEXX hackers are responsible for the attack.

A Gigabyte spokesperson said a small number of servers were affected by the ransomware attack. The tech company, a well-known producer of motherboards, graphics cards (GPUs) and other computer components, says that this forced it to take some systems offline. Several websites were temporarily unavailable for this reason, including customer service. Some customers who returned an order did not receive updates about the return process for some time.

The Gigabyte spokesperson would not say who is behind the ransomware attack. According to BleepingComputer, it is a hacker group known as RansomEXX. The group first appeared in 2018 under the name Defray. In mid-2020, as members became more active, the hacker collective changed its name to RansomEXX. Since then, the group has claimed many high-profile victims, including the Texas Department of Transportation (TxDOT) and the Brazilian government.

Anonymous sources tell BleepingComputer that members of RansomEXX stole 112 gigabytes of data in the ransomware attack. The attackers left a digital ransom note. In it they write that all data from Gigabyte is encrypted with ‘the most reliable algorithms’.

The hackers threaten to make the stolen data public unless Gigabyte pays a ransom. The amount involved is unknown. The perpetrators do say that the data includes confidential customer information covered by non-disclosure agreements (NDAs) that Gigabyte has signed. Confidential agreements with AMD, American Megatrends and chip manufacturer Intel, among others, are said to have been stolen. “The files are ready to be published,” the hackers warn.

Gigabyte would not confirm that RansomEXX claimed the cyberattack. The company also does not want to say anything about the ransom amount requested. It says it has notified the police and authorities about the attack.

This isn’t the first time hackers have targeted Asian tech companies with ransomware attacks. In March, the Russian-affiliated hacker group REvil managed to break into Acer’s corporate network. Hackers managed to steal an unknown amount of sensitive data, including financial reports, balance sheets and communication messages between Acer and the bank. To undo the effects of the ransomware, the perpetrators demanded a ransom of $50 million.

A month later, in April, REvil struck again. This time, the group managed to infiltrate Quanta Computers’ network. The company manufactures a variety of technology products for customers, including Dell, HP, Alienware, Cisco and Microsoft. Apple’s blueprints were allegedly stolen in the attack. To keep these drawings secret, the attackers demanded $50 million.

The chances of seeing more such attacks from REvil in the future are slim. By mid-July, the members had erased all digital traces of the hacker group. Its sites on both the dark web and the regular internet suddenly went down. The hackers’ help desk was also suddenly no longer available. Finally, Unknown, a hacker who acts as a spokesperson for the hacker collective, was banned from the popular hacker forum XSS.

A Kremlin spokesman said the Russian government has nothing to do with REvil’s disappearance. Russian journalists asked him if he knew more about this. “I can’t answer your question because I don’t have that information. I don’t know where the group is, or where they went,” the spokesperson said.
