Gigabyte hit with ransomware attack by infamous RansomExx group

nanoguy

Posts: 972   +14
Staff member
What just happened? Taiwanese manufacturer Gigabyte was hit by a ransomware attack this week, and the group responsible for the incident is threatening to release a treasure trove of 112 GB if the company doesn't pay up. The attackers didn't manage to disrupt production, but this is the sixth Taiwanese company they've attacked in the past few years.

Ransomware attacks are only getting worse, especially when we're talking about big companies and critical infrastructure. Last year, almost half of all insurance claims from big organizations were related to ransomware, with damages totaling over $20 billion. Computer makers like Acer have also become prime targets as of late, with hackers demanding millions to supply a decryption key for important files.

Earlier today, Gigabyte, a well-known manufacturer of servers, laptops, monitors, motherboards, and graphics cards, told Taiwan's United Daily News that it was hit by a ransomware attack on Tuesday night that didn't impact production systems, as it targeted a small number of internal servers located at its headquarters. The company says the servers have been restored from backup and brought back online thanks to prompt action from the security team, but the incident is far from over.

As discovered by The Record, the ransomware gang responsible for the attack is RansomExx, which claims to be in possession of no less than 112 gigabytes of data that includes confidential communications with Intel, AMD, and American Megatrends, as well as documentation that is under NDA. The group is threatening to make everything public unless Gigabyte is willing to pay up.

The company is still investigating how the breach occurred, but chances are it all started with a phishing email campaign or stolen credentials bought from an online source, as is usually the case with these attacks.

This isn't a first for RansomExx, which used to operate as "Defray" before 2018 and has a history of attacking Taiwanese companies like Garmin, Acer, Compal, Quanta, and AdvanTech. Over the last month, it also attacked Covid-19 vaccination booking systems in Italy and Ecuador's state-run telecom company, CNT.

Permalink to story.

 

Bulllee

Posts: 225   +147
Take it or leave it but surely it is obvious this is a replay of the Russian grab on on the seas of the world or my geography is so wrong.
Particulalry disheartening Ecuador was targeted.
 

nodfor

Posts: 107   +187
Make it illegal to pay those ransoms. The only way this trend stops going upwards.
And reduce the stupidly high GDPR etc fines, so that it makes less sense to give in to extortion.

If an important data breach happens, the market will react to it accordingly. No need to add crazy fines on top of that.
 

cuerdc

Posts: 244   +75
If companys keep paying then expect more of the same.
Find it very odd how they can claim this back on insurance though.
 

dnous

Posts: 39   +40
Paying is probably the best and cheapest option. Ransomware has become a viable business model and it is in the best interest of the attacker to unlock the files after getting paid.
 

OortCloud

Posts: 648   +521
As I have said before paying ransoms should be made illegal, then the problem goes away overnight.
Companies/Government are legally not allowed to pay ransoms so there's no point.
 

p51d007

Posts: 2,850   +2,210
With as many attacks on Taiwan...and the CCP wanting to put them "under the umbrella" of mainland China, as a "breakaway" nation from 1949, wouldn't surprise me where a lot of the attacks on Taiwan are coming from, or sponsored by.
 

Jpe1701

Posts: 71   +69
I wonder if this has something to do with why the Gigabyte support servers were down last night when I was checking for new bios or if it is just a coincidence.
 

Danny101

Posts: 1,864   +797
Ransomware attacks are cyber terrorism. If state sponsored, it's cyber warfare. Which in many of these cases, likely are. So the implications are high and likely that we are under a war footing with these attacks, In all probability, drone strikes are being weighed and considered. A shooting war, are we on the brink?
 

Bullwinkle M

Posts: 560   +446
Ransomware attacks are cyber terrorism. If state sponsored, it's cyber warfare. Which in many of these cases, likely are. So the implications are high and likely that we are under a war footing with these attacks, In all probability, drone strikes are being weighed and considered. A shooting war, are we on the brink?
Ransomware attacks are because of "YOU" leaving your house unlocked and the door wide open when you go to work

Close all the hardcoded backdoors in every tech product you buy, and demand that closed source be illegal, then we can talk about who is at fault here

Making the software and hardware Companies 100% liable for the damage they caused by putting backdoors in everything would also help

In the U.S., we could also label the FBI (or any other group) as a Terrorist Organization and have them eliminated under National Security Law if they implement / demand or promote backdoors in any business or consumer product(s)

But then, even a completely secure O.S. / software and hardware kit is completely vulnerable to malware when the user demands the right to do stupid things online for "convenience"

If you want to know who is to blame for ransomware, just look in a mirror
 
Last edited:

Uncle Al

Posts: 8,229   +6,996
Biden could offer to do Putin a favor and suggest the US target the hackers, then drop a non-nuclear 1,000 bomb on their location. Might take several attempts but I'm sure we would eventually wipe them out. What's that you say? They are hiding in the basement of the Kremlin? Well, that would certainly be a good start .....
 

sac39507

Posts: 398   +213
Can we just start finding these people and removing them from this planet on live television so people think twice about executing these ransomware attacks?

It's like online gaming cheaters. I think something could be done about it but someone or some people are allowing it to happen because it benefits them somehow.
 

sac39507

Posts: 398   +213
The world needs the "Robin Hood" of hackers. People who cause havoc for the betterment of humanity instead of these losers.
 

Danny101

Posts: 1,864   +797
Ransomware attacks are because of "YOU" leaving your house unlocked and the door wide open when you go to work

Close all the hardcoded backdoors in every tech product you buy, and demand that closed source be illegal, then we can talk about who is at fault here

Making the software and hardware Companies 100% liable for the damage they caused by putting backdoors in everything would also help

In the U.S., we could also label the FBI (or any other group) as a Terrorist Organization and have them eliminated under National Security Law if they implement / demand or promote backdoors in any business or consumer product(s)

But then, even a completely secure O.S. / software and hardware kit is completely vulnerable to malware when the user demands the right to do stupid things online for "convenience"

If you want to know who is to blame for ransomware, just look in a mirror
If you leave your bicycle out and it is stolen, who bears responsibility?
Granted, it is not wise to leave your bike out, but blaming the victim for the crime is just defending the criminal.
You can't expect the mass of population to know everything about security. You're just projecting your own arrogance. If everyone were experts on security, then many of the things that you need and enjoy in life would not be available. Not everyone has time to be experts, like "YOU".
As for all your other points on the government and corporate responsibility in this mess, I do agree. The attacks run the gambit of bad actors. Make no mistake. There is a war. And the enemy is very good at what they do. Again, blaming the population of users as the problem is just flat wrong. It is governments, corporations, and organizations that are bearing the brunt of these attacks and therefore should have been the most prepared. Similar to leaving the bike out, yet worse than unwise. In most cases, criminal negligence.
 
Last edited:

Bullwinkle M

Posts: 560   +446
Again, blaming the population of users as the problem is just flat wrong. It is governments, corporations, and organizations that are bearing the brunt of these attacks and therefore should have been the most prepared.
Governments, Corporations, and Organizations cannot prepare when their only options are to use Closed Source Operating Systems and Security Software with back doors created by Companies under one sided "End-Loser Licensing Agreements" that say "You have no recourse" if anything we sell you causes you harm / lost time / money / etc

There will never be a fix until the Corporations causing the problems are held liable for the damage they have caused

You can never "BUY" security from a Company that is out to make profit

They have backdoors on everything to keep you vulnerable and under their control

The only way they can become a Trillion Dollar Monopoly is by putting malware and backdoors in everything they make

The game is rigged, so the house always wins
 
Last edited:

Danny101

Posts: 1,864   +797
Governments, Corporations, and Organizations cannot prepare when their only options are to use Closed Source Operating Systems and Security Software with back doors created by Companies under one sided "End-Loser Licensing Agreements" that say "You have no recourse" if anything we sell you causes you harm / lost time / money / etc

There will never be a fix until the Corporations causing the problems are held liable for the damage they have caused

You can never "BUY" security from a Company that is out to make profit

They have backdoors on everything to keep you vulnerable and under their control

The only way they can become a Trillion Dollar Monopoly is by putting malware and backdoors in everything they make

The game is rigged, so the house always wins
Absolutely. Open source is the way forward.