RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE

Pierluigi Paganini August 07, 2021

Taiwanese manufacturer and distributor of computer hardware GIGABYTE was a victim of the RansomEXX ransomware gang.

RansomEXX ransomware gang hit the Taiwanese manufacturer and distributor of computer hardware GIGABYTE and claims to have stolen 112GB of data.

At the time of this writing, the leak site of the RansomEXX gang dosn’t include the company name, but BleepingComputer has learned that the attack was conducted by this ransomware gang.

The attack took place on Tuesday night, in response to the infection the company shut down its systems to prevent the ransomware from spreading. The incident also affected multiple websites of the company, including its support site and portions of the Taiwanese website.

The company confirmed the security breach and launched an investigation into the incident with the help of external security experts.

“GIGABYTE, a major manufacturer of motherboards and graphics cards, confirmed that some servers were attacked by hackers today, and the security defense was activated as soon as possible. All affected internal services have resumed operation. Currently, production, sales and daily operations are not affected.” states the Chinese news site United Daily News.

“GIGABYTE released a major message stating that the information security team has cooperated with technical experts from a number of external information security companies to jointly handle this cyber attack on a small number of servers of GIGABYTE, and has notified the abnormal network conditions it has detected.”

The company also notified law enforcement.

BleepingComputer received a ransom note that includes a link to a non-public page containing instructions for Gigabytes to start negotiations. The page also allows the victims to test the decryption of a file encrypted by ransomware.

“We have downloaded 112 GB (120,971,743,713 bytes) of your files and we are ready to PUBLISH it.
Many of them are under NDA (Intel, AMD, American Megatrends).
Leak sources: newautobom.gigabyte.intra, git.ami.com.tw and some others.” reads the leak page viewed by BleepingComputer.

The data leak page also includes images of some documents stolen from the company. 

Recently the RansomEXX gang infected the systems at Italy’s Lazio region causing problems for the ongoing COVID19 vaccination campaign.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, RansomEXX)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment