14 DAY TRIAL // According to Bleeping Computer, Gigabyte was the target of a ransomware attack last week and are currently being blackmailed with the exposure of 112GB of the stolen data.
The corporation announced that it shut down its IT infrastructure and that a small number of servers were impacted, but there are indications that the attack was more widespread. Multiple websites owned by the company were also affected by the incident, including its support site and elements of the company's Chinese website.
RansomEXX claimed to have taken 112GB of sensitive internal data as well as information from the American Megatrends Git Repository, among other things. Intel and AMD processors details as well as a debug document are suspected to be among the sensitive info. Although Gigabyte has said it plans to report the theft to authorities, the company did not provide any clues on whether they intend to pay the ransom.
The ransom note contains a link to a private page that only the victim is supposed to access to test decrypting a single file and leave an email address so that negotiations for the ransom can begin.
RansomEXX is back in business, targeting major corporations
Since its inception in 2018 under the Defray moniker, RansomEXX has been targeting increasingly high-profile institutions, including the Texas Department of Transportation, the Brazilian government, and Ecuador's state-owned telecommunications company, just to name a few.
PC corporations are usually a preferred target for cybercriminals because not only do they have the funds to pay ransoms, but they also have a significant collection of proprietary technology they're not willing to share. Acer and Apple supplier Quanta have also been victims of ransomware rather recently, making this string of attacks a cause for concern. Simply put, companies have a long-term fear that these attacks could disseminate trade secrets along with their long-term ramifications.