Major Gigabyte Ransomware Attack Reportedly Leaked Confidential AMD And Intel Docs
Some of Gigabyte's support sites have been taken offline, the result of an apparent ransomware attack in which a hacking group claims to be in possession of sensitive data, and is holding it hostage. If a ransom is not paid, the culprits say they will publish 112 gigabytes of stolen files, including ones containing confidential AMD and Intel documents.
"We have downloaded 112 GB (120,971,743,713 bytes) of your files and we are ready to PUBLISH it. Many of them are under NDA (Intel, AMD, American Megatrends). Leaked sources: newautobom.gigabyte.intra, git.ami.com.tw and some others," the hacking group wrote in a message.
The mind races at what documents that fall under the purview of non-disclosure agreements might have been swiped. It's worth noting that Intel is getting ready to launch its heterogeneous Alder Lake processors later this year (likely in October or November). AMD, meanwhile, has on tap a refreshed Zen 3 lineup sporting stacked 3D vertical cache, and next year will release its Zen 4 processors.
Some of Gigabyte's websites are down following a reported ransomware attack.
According to those who are privy to the situation, Gigabyte has fallen prey to RansomEXX, a ransomware gang that was known as Defray a few years ago. The cyber crooks typically weasel their way into protected networks through a combination of stolen network credentials and leveraging Remote Desktop Protocol (RDP) vulnerabilities.
After gaining entry, the culprits get busy collecting more credentials and eventually take control of the Windows domain controller, stealing data along the way and sometimes encrypting files. The group has been successful in carrying out multiple ransomware attacks against high profile targets.
It's not clear what specific data the group might have pilfered from Gigabyte, though according to BleepingComputer, which has seen multiple screenshots of the stolen data, one of them includes an American Megatrends debug document. Others they have seen include an Intel "Potential Issues" document, an "Ice Lake D SKU stack update schedule," and a revision guide relating to AMD's hardware.
To prove they are in possession of stolen files, the hacking group has been contacting Gigabyte officials with links to non-publicized pages where they can decrypt a single file. After doing so, the officials are encouraged to provide contact details to work out a deal for the stolen data.
It's not clear what amount the group is seeking. However, it is not unusual for ransomware attacks to try and command massive payouts. Last month, for example, cyber criminals tried to extort $50 million from the world's largest oil producer. And back in May, an insurance agency reportedly paid $40 million to recover stolen files.