Gigabyte hit with ransomware attack by infamous RansomExx group

What just happened? Taiwanese manufacturer Gigabyte was hit by a ransomware attack this week, and the group responsible for the incident is threatening to release a treasure trove of 112 GB if the company doesn't pay up. The attackers didn't manage to disrupt production, but this is the sixth Taiwanese company they've attacked in the past few years.

Ransomware attacks are only getting worse, especially when we're talking about big companies and critical infrastructure. Last year, almost half of all insurance claims from big organizations were related to ransomware, with damages totaling over $20 billion. Computer makers like Acer have also become prime targets as of late, with hackers demanding millions to supply a decryption key for important files.

Earlier today, Gigabyte, a well-known manufacturer of servers, laptops, monitors, motherboards, and graphics cards, told Taiwan's United Daily News that it was hit by a ransomware attack on Tuesday night that didn't impact production systems, as it targeted a small number of internal servers located at its headquarters. The company says the servers have been restored from backup and brought back online thanks to prompt action from the security team, but the incident is far from over.

As discovered by The Record, the ransomware gang responsible for the attack is RansomExx, which claims to be in possession of no less than 112 gigabytes of data that includes confidential communications with Intel, AMD, and American Megatrends, as well as documentation that is under NDA. The group is threatening to make everything public unless Gigabyte is willing to pay up.

The company is still investigating how the breach occurred, but chances are it all started with a phishing email campaign or stolen credentials bought from an online source, as is usually the case with these attacks.

This isn't a first for RansomExx, which used to operate as "Defray" before 2018 and has a history of attacking Taiwanese companies like Garmin, Acer, Compal, Quanta, and AdvanTech. Over the last month, it also attacked Covid-19 vaccination booking systems in Italy and Ecuador's state-run telecom company, CNT.