[TheRecord] Motherboard vendor GIGABYTE hit by RansomExx ransomware gang

Taiwanese computer hardware vendor GIGABYTE has suffered a ransomware attack, and hackers are currently threatening to release more than 112 GB of business data on the dark web unless the company agrees to their ransom demands.

The Taiwanese company, primarily known for its high-performance motherboards, confirmed the attack in a phone call and in a message on its (now-down) Taiwanese website.

A spokesperson said the incident did not impact production systems. Only a few internal servers at its Taiwanese headquarters have been affected and have now been taken down and isolated.

The company is currently in the process of investigating how the hackers breached its systems, stole files, and encrypted local copies. Local law enforcement has also been notified.

RansomExx gang takes credit

While the company did not name the attackers, The Record obtained access through a source to a dark web page containing the ransomware gang’s extortion demands.

The page is hosted on a dark web portal where members of the RansomExx ransomware cartel usually host threats to hacked companies and leak data from those that refuse to pay.

We have downloaded 112 GB (120,971,743,713 bytes) of your files and we are ready to PUBLISH it.
Many of them are under NDA (Intel, AMD, American Megatrends).
Leak sources: [redacted]gigabyte.intragit.[redacted].tw and some others.

Message on RansomExx extortion page

The ransomware attack on GIGABYTE’s Taiwan headquarters is the latest in a long list of ransomware attacks that have hit Taiwan’s tech sector over the past few years.

Previous victims include Acer, AdvanTech, Compal, Quanta, and Garmin.

Developing story. Updates to follow.

The post Motherboard vendor GIGABYTE hit by RansomExx ransomware gang appeared first on The Record by Recorded Future.
