RansomEXX Hits Taiwanese Motherboard Maker Gigabyte

RansomEXX Hits Taiwanese Motherboard Maker Gigabyte

The hackers behind the RansomEXX ransomware operation have hit a Taiwanese motherboard maker and threatened to publish 112 GB of stolen data unless a ransom was paid.

Gigabyte is a leading manufacturer of motherboards and other computer hardware, such as graphics cards, data center servers, and laptops.

The attack took place on Tuesday night and crippled the company’s IT systems in Taiwan. It also prevented users from accessing its various websites. Currently, they show a notice that the websites are unavailable. Due to the attack, some customers experienced issues accessing support documents and receiving updated information about their RMAs.

Gigabyte confirmed to the Chinese news site United Daily News that they suffered a cyberattack that affected a few servers. The company immediately shut down its systems and notified the authorities.

BleepingComputer reported today their source sent them a link to a non-public RansomEXX leak page for Gigabytes Technologies. According to that page, the attackers stole over 112 GB of data from Gigabytes’ network. The threat actors also claimed to have stolen the contents of a Git repository maintained by American Megatrends.

“We have downloaded 112 GB (120,971,743,713 bytes) of your files, and we are ready to PUBLISH it. Many of them are under NDA (Intel, AMD, American Megatrends). Leak sources: newautobom.gigabyte.intra, git.ami.com.tw and some others,” the threat actors wrote on their leak page and shared screenshots of four documents under NDA stolen during the attack.

The RansomEXX ransomware gang first emerged as Defray in 2018 targeting Windows systems, and later it rebranded as RansomEXX. Today, RansomEXX does not only target Windows devices, but also virtual machines on VMware ESXi servers with its new Linux encryptor.

The gang has been active recently in various countries and has carried out attacks on Italy’s Lazio region and Ecuador’s state-run Corporación Nacional de Telecomunicación (CNT).

The group also attacked private corporations and government networks in Brazil and the USA, among them Brazil’s government, the Texas Department of Transportation (TxDOT), Konica Minolta, IPG Photonics, and Tyler Technologies.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.