Gigabyte, the Taiwan-based computer hardware manufacturer, has been subject to a ransomware attack by the RansomExx ransomware gang. According to an article by The Record, the hacker organization is currently in possession of approximately 112 GB of company business data and is threatening to release it on the dark web if Gigabyte does not comply with its ransom demands. In a phone call, the Taiwanese company confirmed the attack to The Record and also posted a message on its Taiwanese website.
A spokesperson from the company told The Record that the ransomware attack did not affect the company’s production systems. It was reported that the attack was focused only on a few internal servers at the company’s Taiwan-based headquarters. It has been confirmed by the company that the affected systems have since been isolated and taken down.
The Taiwanese hardware giant is best known for its PC components like motherboards and graphics cards, but it also manufactures other peripherals like gaming monitors under the name of ‘Aorus’, and also has a line of laptops under the same branding.
How the Gigabyte ransomware attack happened
The ransomware attack happened late on Tuesday night into Wednesday, and the attack forced Gigabyte to shut down its systems in Taiwan. The ransomware attack also affected Gigabyte websites in a lot of regions, including its technical support site and parts of its Taiwanese website.
While talking to The Record, Gigabyte did not specifically mention the name of the attackers. However, the article states that The Record, after obtaining access to a dark web page through a source, found that the ransomware gang responsible for the attack had posted its demands in an attempt to extort Gigabyte.
It has been stated that the dark web portal is a page where members of the RansomExx ransomware gang regularly host their threats to hacked companies and also leak the data of those companies that refuse to comply with the gang’s extortion demands.
According to the gang’s extortion page, seen by The Record, the gang is threatening to publish 112 GB of data that it took from Gigabyte’s internal servers. The gang also claimed that it was in possession of some documents that were secured under non-disclosure agreements from major companies like Intel, AMD, and American Megatrends (a company that creates firmware for motherboard and computer manufacturers including Gigabyte).
RansomExx is a ransomware gang that started in 2018 under the name of Defray, but later “rebranded” to RansomExx in 2020. According to Bleeping Computer, the gang has been much more active in recent times, having attacked Ecuador’s National Telecommunications Corporation (CNT), and IT systems at Lazio, Italy.
The current scenario
PC and component manufacturers are a very common target for hackers. Earlier this year, Acer was reportedly hit with a $50 million ransomware demand by the REvil group, which would go on to target one of the suppliers of Apple. Gaming giant EA was also subject to a ransomware attack where the hackers released all the stolen data.
As of now, Gigabyte has yet to disclose the amount demanded by the ransomware gang. As per the dark web page, the gang has directed the company to contact it via email to begin negotiations. It is still unclear whether Gigabyte is in contact with RansomExx or if it is considering anything.
As per The Record, the company is currently in the process of investigating how the hackers breached its systems, stole files, and encrypted local copies. The company has also reportedly notified law enforcement.
The Gigabyte ransomware attack is just another attack in a year that has seen the likes of Fujifilm, Colonial Pipeline, Kaseya, Electronic Arts, and Saudi Aramco amongst the many big names hit by ransomware gangs.