Ransomware Attackers Threaten to Release Stolen Gigabyte Data

attackers threaten to release stolen gigabyte data - featured image

The Taiwanese computer hardware manufacturer Gigabyte has recently suffered a ransomware attack targeting their internal network and the American Megatrends’ Git Repository. Now, ransomware hackers are threatening to release 112GB of captured data to the public unless the ransom is paid.

Gigabyte is a huge international player when it comes to hardware, especially in the production of motherboards and GPUs. The company has been hit with a ransomware attack on August 6, affecting internal servers but without impacting production in any way.

According to Bleeping Computer’s report, the group behind the attack is the RansomEXX ransomware gang. The most visible effect of the cyberattack was the shutting down of a portion of Gigabyte’s website, including the site’s customer support section.

As mentioned, the data attackers got a hold of – and encrypted – includes files from the internal servers and data located in the American Megatrends Git Repository. Additionally, hackers provided screenshots proving they also got a hold of documents from Intel, AMD, and American Megatrends that are still under NDA. As such, if released, this data could be potentially very damaging for the business interests of these companies.

In total, RansomEXX holds 112GB of stolen data. The ransom amount isn’t publicly known, as RansomEXX did not disclose it in their initial message but requested a Gigabyte official to contact them via email for negotiations.

As for Gigabyte, the company neither revealed the requested sum nor confirmed that RansomEXX is the group behind the attack. The company’s spokesperson said that Gigabyte has isolated the affected servers, notified the police, and have initiated an investigation into the attack.

The ransomware attack on Gigabyte is only the latest episode of a string of high-profile cyberattacks that have targeted large companies. Kaseya, JBS, and Colonial Pipeline are just a few of the affected companies. Businesses in the US seem to be targeted the most, which prompted US officials to interpret it as part of a cyberwar waged by Russia and China. This resulted in both ransomware protection and cybersecurity experts being in extremely high demand right now.

The latest attack on Gigabyte doesn’t seem to follow the same pattern, as Gigabyte is not a US company, nor is it tied to any crucial infrastructure, meaning this could be just a plain old money grab. However, it’s worth noting that Taiwan, where Gigabyte is headquartered, is at the center of a US-China “cold war”, mainly because it’s the source for most of the world’s semiconductor chip supply.