RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE

Taiwanese manufacturer and distributor of computer hardware GIGABYTE was a victim of the RansomEXX ransomware gang.

RansomEXX ransomware gang hit the Taiwanese manufacturer and distributor of computer hardware GIGABYTE and claims to have stolen 112GB of data.

At the time of this writing, the leak site of the RansomEXX gang dosn’t include the company name, but BleepingComputer has learned that the attack was conducted by this ransomware gang.

The attack took place on Tuesday night, in response to the infection the company shut down its systems to prevent the ransomware from spreading. The incident also affected multiple websites of the company, including its support site and portions of the Taiwanese website.

The company confirmed the security breach and launched an investigation into the incident with the help of external security experts.

“GIGABYTE, a major manufacturer of motherboards and graphics cards, confirmed that some servers were attacked by hackers today, and the security defense was activated as soon as possible. All affected internal services have resumed operation. Currently, production, sales and daily operations are not affected.” states the Chinese news site United Daily News.

“GIGABYTE released a major message stating that the information security team has cooperated with technical experts from a number of external information security companies to jointly handle this cyber attack on a small number of servers of GIGABYTE, and has notified the abnormal network conditions it has detected.”

The company also notified law enforcement.

BleepingComputer received a ransom note that includes a link to a non-public page containing instructions for Gigabytes to start negotiations. The page also allows the victims to test the decryption of a file encrypted by ransomware.

“We have downloaded 112 GB (120,971,743,713 bytes) of your files and we are ready to PUBLISH it.
Many of them are under NDA (Intel, AMD, American Megatrends).
Leak sources: newautobom.gigabyte.intra, git.ami.com.tw and some others.” reads the leak page viewed by BleepingComputer.

The data leak page also includes images of some documents stolen from the company.

Recently the RansomEXX gang infected the systems at Italy’s Lazio region causing problems for the ongoing COVID19 vaccination campaign.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, RansomEXX)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.