Last Friday (6), the gigabyte acknowledged having been the victim of a hacker attack. The company — one of the world’s biggest motherboard makers — gave few details about what happened, but it seems that the hack was carried out by the ransomware group. RansomExx, which allegedly threatened to disclose 112 GB of company data in case of non-payment of ransom.
At least that’s what the BleepingComputer. According to the vehicle, the attack took place on Tuesday night (3) and forced the company to disable several of its systems. The consequences were felt by customers: support services were inaccessible, including documentation and repair tracking pages.
Although it is best known for manufacturing motherboards and graphics cards, Gigabyte has a large product catalog, which includes notebooks, monitors, servers and PC accessories. Lack of support can therefore affect a large number of customers. company.
112GB of data under threat
Equally or more serious than leaving customers unattended, the attack can expose sensitive data. The information available so far indicates that RansomExx would have been able to collect 112 GB of data from Gigabyte, including sensitive documents from partner companies, including Intel, AMD and American Megatrends (AMI).
This is the double extortion approach that is very common in today’s ransomware attacks. In it, the attacker not only encrypts the victim’s files, but threatens to divulge data captured during the attack to increase payment pressure.
In these circumstances, hackers usually set a deadline of a few days for the ransom to be paid and threaten to release the data on the internet (usually on the dark web) if the deadline is not respected.
To prove that sensitive data has been accessed, ransomware groups also often release samples. It is the case here. O BleepingComputer claims to have had access to images of four Gigabyte documents allegedly captured by RansomExx.
The group routinely inserts ransom notes on each victim’s computer affected by their ransomware. In Gigabyte’s case, the notes instruct a member of the company’s IT staff to contact the attackers to arrange a ransom, although the requested amount has not been disclosed.
Authorities and security experts recommend that, in ransomware attacks, the ransom is never paid, as this encourages this type of action and, even with payment, there is no guarantee of file recovery.
But this is always a decision for the victim. It’s unclear whether Gigabyte has been negotiating with the members of RansomExx, however. If so, negotiations may not be moving forward, as some company services remain unavailable or unstable. The page esupport.gigabyte.com, for example, was offline this Monday morning (9).
RansomExx has already claimed victims in Brazil
RansomExx started its activities in 2018, when it was called Defray. In June 2020, the group assumed its current name and since then has intensified its attacks in various parts of the world.
In Brazil, one of the victims of RansomExx was the Superior Court of Justice (STJ), in an attack carried out in November 2020.
Tecnocast 202 – Cryptocurrencies and crime
Amid the fluctuations of the decentralized economy, the cryptocurrencies they have already surpassed $1 trillion in market value. With so much digital money circulating, it’s inevitable to ask: how much of that amount is spent on criminal activities?
attacks with ransomware, pyramid schemes, hidden sales by the darknet… Billions of dollars worth of digital coins have already fallen into the pockets of crooks. What are the most common crimes? And how are the authorities responding to this? These are some of the topics covered in this episode about cryptoactives and crime. Play and come with us!