GIGABYTE ransomware attack: RasomEXX gang stole 112GB of data

The RansomEXX ransomware gang claims to have stolen 112GB of data from GIGABYTE, a Taiwanese computer hardware manufacturer and distributor.

 

The RansomEXX gang’s leak site does not mention the company name as of this writing, however BleepingComputer has confirmed that the attack was carried out by this ransomware gang.

 

The attack occurred on Tuesday night, and the corporation responded by shutting down its servers to prevent the ransomware from spreading. The event impacted several of the company’s websites, including its support site and parts of the Taiwanese website.

 

The company confirmed the security breach and enlisted the expertise from outside security specialists to investigate the situation.

 

“GIGABYTE, a major manufacturer of motherboards and graphics cards, confirmed that some servers were attacked by hackers today, and the security defense was activated as soon as possible. All affected internal services have resumed operation. Currently, production, sales and daily operations are not affected.” states the Chinese news site United Daily News.

“GIGABYTE released a major message stating that the information security team has cooperated with technical experts from a number of external information security companies to jointly handle this cyberattack on a small number of servers of GIGABYTE, and has notified the abnormal network conditions it has detected.”

 

 

Law enforcement was also notified by the company.

 

A ransom note was sent to BleepingComputer, which included a URL to a private page with instructions for Gigabytes to begin talks. The victims can also test the decryption of a ransomware-encrypted file on the page.

 

“We have downloaded 112 GB (120,971,743,713 bytes) of your files and we are ready to PUBLISH it.
Many of them are under NDA (Intel, AMD, American Megatrends).
Leak sources: newautobom.gigabyte.intra, git.ami.com.tw and some others.” reads the leak page viewed by BleepingComputer.

 

 

Images of documents stolen from the company are also included on the data leak page.

 

The RansomEXX gang recently infected the systems in the Lazio area of Italy, causing issues with the ongoing COVID19 vaccination campaign.

 

 

You might also like:

Angry Conti ransomware affiliate reveals gang’s playbook

Google Chrome won’t show secure website indicators: Report