Gigabyte Data Breach (2021)

According to Bleeping Computer, Gigabyte was the target of a ransomware attack last week and are currently being blackmailed with the exposure of 112GB of the stolen data. The corporation announced that it shut down its IT infrastructure and that a small number of servers were impacted, but there are indications that the attack was more widespread. Multiple websites owned by the company were also affected by the incident, including its support site and elements of the company's Chinese website. RansomEXX claimed to have taken 112GB of sensitive internal data as well as information from the American Megatrends Git Repository, among other things. Intel and AMD processors details as well as a debug document are suspected to be among the sensitive info. Although Gigabyte has said it plans to report the theft to authorities, the company did not provide any clues on whether they intend to pay the ransom. The ransom note contains a link to a private page that only the victim is supposed to access to test decrypting a single file and leave an email address so that negotiations for the ransom can begin. Taiwanese motherboard maker Gigabyte has been hit by the RansomEXX ransomware gang, who threaten to publish 112GB of stolen data unless a ransom is paid. Gigabyte is best known for its motherboards, but also manufactures other computer components and hardware, such as graphics cards, data center servers, laptops, and monitors. The attack occurred late Tuesday night into Wednesday and forced the company to shut down systems in Taiwan. The incident also affected multiple websites of the company, including its support site and portions of the Taiwanese website While Gigabyte has not officially stated what ransomware operation performed the attack, BleepingComputer has learned it was conducted by the RansomEXX gang. When the RansomEXX operators encrypt a network, they will create ransom notes on each encrypted device. These ransom notes contain a link to a non-public page meant to only be accessible to the victim to test the decryption of one file and to leave an email address to begin ransom negotiations. Today, a source sent BleepingComputer a link to a non-public RansomEXX leak page for Gigabytes Technologies, where the threat actors claim to have stolen 112GB of data during the attack.