Many users have recently complained that some of Gigabyte’s support sites have been taken offline, and this is due to an apparent ransomware attack in which a hacking group has claimed to have sensitive data, and is holding it hostage.
The hackers have asked for ransom from the OEM and have threatened that if the ransom is not paid, the culprits will publish 112 gigabytes of stolen files, which also includes a file containing confidential AMD and Intel documents.
“We have downloaded 112 GB (120,971,743,713 byes of your files and we are ready to PUBLISH it. Many of them are under NDA (Intel, AMD, American Megatrends). Leaked sources: new Autobot.gigabyte.intra, git.ami.com.tw and some others.”
many assume that the documents which are swiped by the hackers contain some documents that fall under at purview of non-disclosure agreements related to tech giants such as Intel and AMD, which are the biggest clients of Gigabyte.
The sensitive information which is reportedly stolen might be related to the latest upcoming launches of both intel and AMD. As we know that Intel is getting ready to launch its heterogeneous Alder Lake processors later this year and AMD, will be refreshing its Zen 3 lineup with stacked 3D vertical cache, and next year is the scheduled release of its Zen 4 processors.
According to sources, Gigabyte has fallen prey to RansomEXX, which is the same gang that was known as Defray a few years ago. What they do is that they typically weasel their way into protected networks using a combination of stolen network credentials and leveraging upon Remote Desktop Protocol (RPD) vulnerabilities.
Once they gain entry, then they start collecting more credentials and eventually take control of the Windows domain controller. This allows them to steal data along the way and sometimes they also encrypt the files. The group has been successful in carrying out multiple ransomware attacks against high profile targets.
To prove that they have some sensitive information in their grasps, the group of hackers has contacted Gigabyte officials with links to non-publicized pages where they can decrypt a single file. Once done, the officials are encouraged to provide contact details to work out a deal for the stolen data. This is some top level s**t.
For now, we don’t have any information as to the amount which the hackers are seeking, however, considering that the hacker has access to highly sensitive data we might expect them to demand some high amount. For more updates stay tuned.
