Computer hardware giant GIGABYTE hit by RansomEXX ransomware

Taiwanese motherboard maker Gigabyte has been hit by the RansomEXX ransomware gang, who threaten to publish 112GB of stolen data unless a ransom is paid.

Gigabyte is best known for its motherboards, but also manufactures other computer parts and hardware, such as graphics cards, data center servers, laptops, and monitors.

The attack occurred late Tuesday evening into Wednesday and forced the company to shut down systems in Taiwan. The incident also affected several of the company's websites, including its support site and portions of the Taiwanese website.

Gigabyte support down due to ransomware attack

Customers have also reported problems accessing support documents or receiving updated information about RMAs, which is likely due to the ransomware attack.

According to the Chinese news site United Daily News, Gigabyte confirmed they suffered a cyberattack that affected a small number of servers.

After detecting the abnormal activity on their network, they shut down their IT systems and notified law enforcement.

If you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal at +16469613731 or on Wire at @lawrenceabrams-bc.

Gigabyte suffers RansomEXX ransomware attack

While Gigabyte has not officially stated which ransomware operation performed the attack, BleepingComputer has learned it was conducted by the RansomEXX gang.

When the RansomEXX operators encrypt a network, they create ransom notes on every encrypted device.

These ransom notes contain a link to a non-public page meant to be accessible only to the victim, where they can test the decryption of one file and leave an email address to begin ransom negotiations.

Today, a source sent BleepingComputer a link to a non-public RansomEXX leak page for Gigabyte Technologies, where the threat actors claim to have stolen 112GB of data during the attack.

In a ransom note also seen by BleepingComputer, the threat actors state “Good day, Gigabyte (gigabyte.com)!” and include the same link to the private leak page shared with us by our source.

Non-public Gigabyte data leak page

On this private leak page, the threat actors claim to have stolen 112 GB of data from an internal Gigabyte network, as well as the American Megatrends Git Repository.

We have downloaded 112 GB (120,971,743,713 bytes) of your documents and we are all set to PUBLISH it.
Several of them are under NDA (Intel, AMD, American Megatrends).
Leak sources: newautobom.gigabyte.intra, git.ami.com.tw and some others.

The threat actors also shared screenshots of four documents under NDA stolen during the attack.

While we will not be posting the leaked images, the confidential documents include an American Megatrends debug document, an Intel “Probable Concerns” document, an “Ice Lake D SKU stack update plan,” and an AMD revision guide.

BleepingComputer has attempted to contact Gigabyte about the attack but has not heard back at this time.

What you need to know about RansomEXX

The RansomEXX ransomware operation originally started under the name Defray in 2018 but rebranded as RansomEXX in June 2020 when they became more active.

Like other ransomware operations, RansomEXX will breach a network through Remote Desktop Protocol, exploits, or stolen credentials.

Once they gain access to the network, they harvest more credentials as they slowly gain control of the Windows domain controller. During this lateral spread through the network, the ransomware gang steals data from unencrypted devices to use as leverage in ransom extortion.

RansomEXX does not only target Windows devices but has also created a Linux encryptor to encrypt virtual machines running on VMware ESXi servers.

Over the past month, the RansomEXX gang has become more active, recently attacking Italy’s Lazio region and Ecuador’s state-run Corporación Nacional de Telecomunicación (CNT).

Other high-profile attacks by the ransomware gang include Brazil’s government networks, the Texas Department of Transportation (TxDOT), Konica Minolta, IPG Photonics, and Tyler Technologies.

