- GIGABYTE has admitted a cybersecurity incident has disrupted its website uptime for a while.
- The ransomware group ‘RansomEXX’ has taken responsibility and leaked some sample documents.
- The hardware maker stated that the attack was thwarted immediately and that no adverse effects are to be expected.
GIGABYTE, the Taiwanese motherboards and graphics card manufacturer that is among the leaders of computer hardware vendors globally, has confirmed a ransomware attack on its systems but clarified that the incident doesn’t affect its sales, services, or production operations.
The statement that was shared with local media outlets describes a rapid defensive response to the attacks and an equally speedy restoration of the affected systems, which were allegedly limited in numbers. Indeed, for a brief period on Tuesday and Wednesday, some of the company’s websites went offline.
Although the firm hasn’t named the actors responsible for this, Bleeping Computer reports that the dark web portal of the ‘RansomEXX’ ransomware gang has posted a relevant listing, threatening to publish 112 GB of data they stole from GIGABYTE unless their ransom demands are met.
According to the same source, the sample leaked as proof of the data breach includes non-disclosure agreements, an AMD revision guide, an American Megatrends debug document, and an Intel “Potential Issues” document.
We cannot possibly confirm the authenticity of this data and whether or not they were really stolen from GIGABYTE’s compromised servers. Still, if the actors leaked the least damaging files, for starters, it doesn’t look good for the Taiwanese company. Also, the notice is pretty aggressive, warning the victim that they only got one chance to resolve this or the ransom amount will be doubled.
‘RansomEXX’ isn’t the most active ransomware gang out there, yet they are keen on targeting big entities that could potentially yield significant amounts in ransom payments. Back in December 2020, the group launched a successful attack against Embraer, the largest aerospace and aeronautical company in Brazil.
As for Taiwanese tech firms and their lucrativity as targets of ransomware groups, they are very high on the list of candidates for a number of reasons. In summary, they are economically strong companies that can’t afford to have disruptions in their production at the moment, so they are more likely to pay the demanded ransom without much negotiation. This is why we recently saw ‘Ragnar Locker’ attacking ADATA, ‘REvil’ delivering a blow to Acer, and ‘DoppelPaymer’ targeting Compal Electronics.