Gigabyte, a Taiwanese motherboard maker and hardware giant, was attacked by the RansomExx ransomware group, which has threatened to leak 112 GB of stolen data if the organization doesn't pay the ransom. Gigabyte is best known for its motherboards, but it also builds other computer hardware and components, such as laptops, monitors, graphics cards, and data center servers. The ransomware attack happened earlier this week and compelled the company to shut down its systems in Taiwan.
The attack also affected multiple Gigabyte websites, including the company's support systems and portions of its main website. Customers have complained of issues accessing support docs or getting updated information on Ram's, most probably because of the ransomware attack. "The RansomEXX ransomware operation originally started under the name Defray in 2018 but rebranded as RansomEXX in June 2020 when they became more active. RansomEXX does not only target Windows devices but has also created a Linux encryptor to encrypt virtual machines running VMware ESXi servers," said Bleeping Computer.
According to United Daily News (a Chinese news organization), Gigabyte disclosed that it had suffered a cyberattack that affected its servers. After finding unusual activity on its company network, Gigabyte shut down its IT systems and informed law enforcement agencies. Gigabyte itself has not officially confirmed which organization is behind the attack, but Bleeping Computer believes that it was carried out by the RansomExx gang. While encrypting a network, the RansomExx hackers attach ransom notes to each encrypted system.
The ransom notes include a link to a private page, accessible only to the victim, for testing the decryption of a file and providing an email address for ransom negotiations. Bleeping Computer reports: "Like other ransomware operations, RansomEXX will breach a network through Remote Desktop Protocol, exploits, or stolen credentials. Once they gain access to the network, they will harvest more credentials as they slowly gain control of the Windows domain controller. During this lateral spread through the network, the ransomware gang will steal data from unencrypted devices used as leverage in ransom extortion."