The hackings of big tech-related companies continue; Electronic Arts and CD Projekt RED are two of the bigger companies that suffered debilitating attacks earlier this year, with most of their confidential information being held hostage by ransomware. This time around, the hackers have gone after a far more important name in the tech and gaming space, targeting a big PC component and laptop manufacturer.
According to a report first broken by TheRecord, Gigabyte, the Taiwanese motherboard powerhouse, has found itself crippled by ransomware that will potentially slow its business to a crawl for the next few weeks. The report reveals that the group of hackers is operating under the tag of “RansomExx”, and that the group currently has 112 GB worth of files that it is threatening to leak to the public if Gigabyte does not meet its demands.
Intel and AMD confidential files and a big, brewing storm
Unlike other ransomware scenarios, RansomExx encrypted the files locally while exfiltrating 112 GB of data. Some of the details from the RansomExx extortion page reveal that a lot of the information encrypted and held for ransom is under non-disclosure agreement (NDA), including some from Intel, AMD and American Megatrends. It’s not far-fetched to also include Nvidia on this list, as Gigabyte is also known to carry the GPU company’s retail cards. That said, the extent of the information that has been encrypted is still a big unknown.
Most of the known documentation on this developing story takes the form of document screenshots that were allegedly sourced from the dark web. Interestingly, the screenshots do not mention the ransom the group is asking for, probably as TheRecord found the information sensitive. For the same reason, a lot of the screenshotted documents have certain segments redacted.
What makes this attack on Gigabyte extremely worrying is its wider implications for the company’s infrastructure. The confidential documents being held for ransom can range from the mundane to the potentially threatening, including vBIOS keys and unpatched vulnerabilities for a lot of the company’s products. This in turn could domino into something worse, and bigger corporations like Intel and AMD may have to get involved.
This attack on Gigabyte is part of a string of hackings of big tech companies from Taiwan. Acer, AdvanTech, Compal, Quanta and Garmin are some of the bigger names that suffered such attacks, and if the trend continues, we may see more in the future.