Ransomware has become the biggest cyber threat in global technology. The latest known victim is Gigabyte Technology, a Taiwan-based hardware manufacturer you may know from its motherboards, graphics cards, notebooks, or monitors.
The ransomware attack against Gigabyte has been confirmed to Chinese media. It affected a portion of the company's servers and triggered its information security defense system, with the response carried out in cooperation with technical experts from external companies and in contact with government agencies. The attack occurred last week, and all affected internal services have now resumed operations. Production, sales, and daily operations have not been affected, the company says.
Although no official information has been made available on the type of cyberattack, Bleeping Computer says it happened last Tuesday and affected several of the company's services, including user support and others, because some systems had to be shut down to control it.
The media says that RansomEXX is behind the attack. Originally known as ‘Defray’, it is a group well known in computer security circles for introducing ransomware through vulnerabilities in remote desktop protocols, exploits, or stolen credentials.
The group acts in typical ransomware fashion. It infiltrates servers, hijacks files using strong encryption to prevent access by their owner, and demands a ‘ransom’ to release them. Once the attackers have gained access to the network, they collect more credentials as they gain control of the Windows domain controller. During this lateral propagation through the network, the gang steals data from unencrypted devices, which is then used as leverage in the extortion.
In this case, the cybercriminals claim to be in possession of 112GB of data stolen from servers. And it may not only affect Gigabyte, as there is talk of confidential documents from Intel, AMD, and American Megatrends. In such a connected world where companies have to collaborate with each other, indirect victims are also frequent in this type of attack. In the Quanta Computer incident, the attackers claimed to have obtained blueprints of Apple and Lenovo equipment.
Gigabyte is one more among the dozens of large companies affected by ransomware attacks. And these are just the well-known ones, because there are many more that do not reach the general public. Asian manufacturers are in the spotlight. In addition to the serious incident with Quanta, at the end of last year the contract notebook manufacturer Compal, the industrial computer manufacturer Advantech and later the giant conglomerate Hon Hai and the PC manufacturer Acer were attacked. According to research by Internet security provider Check Point, Taiwan records an average of more than 2,500 cyberattacks per week.
And not only Asia. A ransomware attack against the company Kaseya last month crippled the networks of at least 200 U.S. companies and others internationally (potentially there are 1,000 affected). The Russian group REvil is behind the attack, which cybersecurity firms called ‘colossal’ and another sign of the danger of ransomware.