Hackers have hit Gigabyte. The Taiwanese computer giant was the victim of a ransomware attack that appears to have been carried out during the night between 3 and 4 August. The operation led to the theft of 112 GB of data and appears to involve RansomEXX, the same tool used to hack the computers of the Lazio Region.
RansomEXX hits Gigabyte
Gigabyte, a leader in IT and motherboard manufacturing, is not the first IT company to have been hit by hackers. In March, for example, it was the turn of Acer, attacked with the REvil ransomware and blackmailed for a total of 50 million dollars.
The new victim is Gigabyte, which has fallen into the RansomEXX ransomware trap. The attack, which took place last week, forced the company to shut down its systems, causing disruption to the company's websites, including the one dedicated to customer support.
The breach is believed to have involved a limited number of servers, but the damage is still huge: 112 GB of stolen data. Or at least that's what the cybercriminals claim.
The hacker group has in fact published a note, not visible to the public, on the Gigabyte website in which it claims to be in possession of the aforementioned 112 GB of information, including a series of documents under NDA that also involve other companies such as Intel and AMD. Screenshots of four files were also posted to prove the authenticity of what the gang wrote.
The page created by cybercriminals on the Gigabyte site. Credits: Bleeping Computer
The page, which you can see above, also includes precise instructions on how to proceed. Specifically, the hackers demand to negotiate with an official company representative, with whom they will then discuss the ransom amount.
What is RansomEXX?
Or rather, what is ransomware? It is a type of malware that restricts access to the infected device. The strategy is simple: lock the user out of the system or encrypt their files, then ask for a ransom to bring everything back to normal. In short, it is a bit as if your house key were stolen and you were asked for money to get it back.
It is a form of extortion that has been around for some time. The first real ransomware in fact dates back to 1989 and was called the AIDS trojan. It was the work of a biologist (yes, you read that right); it encrypted files and asked the user for $189 to unlock the system.
Over time, ransomware has evolved and diversified. RansomEXX is one of the latest evolutions. It was initially known as Defray and was renamed in June 2020, when it became more active.
Like other ransomware, it breaches the network through the Remote Desktop Protocol, exploits or stolen credentials. Once access is obtained, further credentials are collected and unencrypted data is stolen for use in demanding a ransom.
Unlike other similar malware, RansomEXX can also affect Linux-based systems, using an apparently more basic but still effective variant.
In recent months, RansomEXX has been behind some particularly serious attacks, including those against the Lazio Region, the Corporación Nacional de Telecomunicación and the Brazilian judicial system.