- Several Gigabyte sites were down last week
- Reports claimed it was due to a cyberattack
- Gigabyte confirmed ransomware attack reports Friday
- It said the attack only affected a small number of its servers
Taiwan-based computer hardware company Gigabyte Technology has been hit by a ransomware attack by the hacker organization RansomEXX, which has threatened to leak more than 100 GB worth of data stolen from the firm, including sensitive Intel and AMD documents if it fails to pay the ransom.
Multiple attacks on several support sites of the Taiwan-based company reportedly took place last week, resulting in momentary inaccessibility of the company’s official site and unavailability of its support sites. The incident forced the firm to shut down systems in Taiwan, as well as some portions of its official and support site.
Gigabyte acknowledged reports of the ransomware attack Friday via the Chinese site United Daily News. However, according to the firm, it only affected a small number of its servers. Local authorities have already been alerted of the situation.
The tech company shared limited information about the malicious campaign. At the moment, it is not clear whether Gigabyte would take into consideration the demand of the hacking group. It is also unknown what the group wants in exchange for the stolen data.
Bleeping Computer, a tech news and support site, reported that the attack is executed by the hacking group RansomEXX. The site received a link from an anonymous source on its non-public page. The said link reportedly leads to a page confirming the ransom group is in possession of 112 GB of data from Gigabyte, including numerous non-disclosure agreements.
The tech site also discovered four screenshots containing sensitive documents, including the debug document of American Megatrends, an AMD revision guide, an Ice Lake D SKU stack update schedule and an Intel “potential issues” document.
RansomEXX is a known ransomware group previously known as Defray. These malicious actors usually get into protected networks using a combination of stolen network credentials and taking advantage of Remote Desktop Protocol vulnerabilities.
The ransomware group has been very active these past few months. Recently, it launched a cyberattack on the Lazio region of Italy and the Corporacion Nacional de Telecomunicaciones in Ecuador.
Other companies and organizations attacked by RansomEXX include Konica Minolta, IPG Photonics, Tyler Technologies, the Texas Department of Transportation and the government networks of Brazil.