Taiwanese hardware component manufacturer GIGABYTE suffered a cyberattack by ransomware operators, who allegedly encrypted and stole over 112 GB of sensitive data.
But what makes this incident stand out is the fact that cybercriminals used “two-pronged” attack tactics: data encryption combined with data theft. These tactics are employed to pressure Gigabyte into paying the ransom or else have its sensitive data published online, which could adversely affect its business.
The tech giant admitted to suffering a security intrusion that forced the company to shut down parts of its IT network. As a result, the company’s support website, support documentation, and other bits of important information weren’t accessible at the time.
And despite all the elements pointing to the contrary, Gigabyte, which recently unveiled Ryzen-powered mid-range gaming laptops, is hesitant to call the incident a ransomware attack.
However, according to various online sources, Gigabyte was attacked by the RansomEXX cybercriminal group, responsible for several other high-profile cybersecurity incidents across the globe.
RansomEXX, previously known as Defray, rebranded in 2020 when it began targeting high-profile organizations and companies, including the Brazilian government and Ecuador’s state-led telecommunications.
It’s also believed that this particular cybercriminal organization is responsible for last year’s ransomware attack on Texas’ Department of Transportation. But what makes this incident more complicated for Gigabyte, besides the aforementioned data encryption, is data theft.
Companies as large as Gigabyte maintain timely backups of their data, so it’s entirely possible for the company to recover some, if not all, of the files RansomEXX encrypted. However, the hacker collective claims that it has downloaded 112 GB of said data and threatens to make the confidential information public if Gigabyte refuses to “cooperate.”
According to a ransom note posted by the hackers, the stolen data allegedly contains confidential documentation from the company’s partners, like Intel, AMD, American Megatrends, and NVIDIA.
It’s worth noting that these documents are protected by NDAs, as they most probably contain motherboard designs, UEFI/BIOS/TPM data, and CPU/GPU designs. The public disclosure of those designs or other NDA-protected information could give the aforementioned companies grounds for legal action against Gigabyte.
RansomEXX also listed sources from which they downloaded the files, several screenshots of debugging and potential-issues documents, and a hardware revision guide, as proof of their possession of sensitive material.
The group also warned potential negotiators not to contact them unless they can act on behalf of the company. Interestingly enough, the actual demands, in monetary terms, weren’t listed on the page.
Gigabyte refused to comment on the issue, other than acknowledging it. The company isolated the infected servers from its network and notified law enforcement but remained silent as to whether it plans to pay the ransom.
These types of incidents are usually resolved behind closed doors, with the public remaining oblivious as to what actually transpired and whether the ransom was paid or not.
Ransomware attacks on megacorporations, while extensive, are usually harmless in the long run. For example, Electronic Arts, the game development and publishing company, recently suffered a security intrusion in which hackers stole 751GB of the company’s data, including source code for the company’s prominent gaming titles.
The company refused to pay the ransom requested by the hackers, causing them to retaliate by dumping all 751GB of company data to public torrent sites.
Admittedly, Gigabyte’s situation appears more severe, as the incident involves potential disclosure of corporate secrets from other tech giants, like Intel or AMD, both of which already suffered information leaks in the past months.
So apart from the short-term financial hit Gigabyte stands to suffer if the company decides to pay the ransom, there’s also a continuous concern that these attacks could leak trade secrets, inflicting more severe, long-term damage, which could topple giants – including ones as big as Gigabyte and/or its partners.
In the end, it’s unclear how Gigabyte plans to resolve the issues and whether the demand has been paid or the negotiations are still in progress – if they were ever initiated in the first place. Whatever the case may be, this is a developing story whose conclusion remains uncertain.