Taiwanese motherboard maker Gigabyte has been hit by the RansomEXX ransomware gang, who threaten to publish 112GB of stolen data unless a ransom is paid. Gigabyte is best known for its motherboards, but also manufactures other computer components and hardware, such as graphics cards, data center servers, laptops, and monitors. The attack occurred late Tuesday night into Wednesday and forced the company to shut down systems in Taiwan. The incident also affected multiple websites of the company, including its support site and portions of the Taiwanese website
Gigabyte has not officially stated what ransomware operation performed the attack, It was conducted by the RansomEXX gang. When the RansomEXX operators encrypt a network, they will create ransom notes on each encrypted device. These ransom notes contain a link to a non-public page meant to only be accessible to the victim to test the decryptionof one file and to leave an email address to begin ransom negotiations. The threat actors claim to have stolen 112GB of data during the attack.
On this private leak page, the threat actors claim to have stolen 112 GB of data from an internal Gigabyte network, as well as the American Megatrends Git Repository, We have downloaded 112 GB (120,971,743,713 bytes) of your files and we are ready to PUBLISH it. Some sources also claim that RansomExx has already created a dark web page, allegedly containing samples of their stolen data. According to the hackers, many of these files are under NDA (non-disclosure agreements) from big tech companies like Intel, AMD, and American Megatrends.
Screenshot of the RansomExx gang’s extortion page, where they’re threatening to release more than 112 GB of Gigabyte’s data unless they get paid.