Hardware company Gigabyte reportedly hit by ransomware attack
After a cyberattack reported early last week, customers begged the hardware company to “fix your support site.”
Taiwanese computer hardware company Gigabyte Technology has been hit by a cyberattack by the RansomExx group, multiple sources say.
Tech website BleepingComputer reported that 112 GB of data was stolen from servers late into the night of Tuesday (August 3) until the early hours of Wednesday (August 4) last week.
Gigabyte mainly produces motherboards, but has also turned to other hardware such as graphics cards and other PC components.
Chinese news site United Daily News also confirmed the attack but stressed that production was not affected by the incident.
However, it was reported that some parts of the websites were closed, with support services particularly affected. Comments on Gigabyte’s Facebook page include several complaints about seeking support, saying there were no other options for getting help with their hardware.
“This is a great time to reset my Aero laptop. Cannot download anything from your website for two days now. Please fix your support site,” one customer said. Another listed its specs. techniques after saying, “Because I couldn’t contact you through your website, I’m asking you here.”
RansomwareExx is the group responsible for the attack, according to BleepingComputer. Titanhq has published a detailed description of the group, which it says uses Trojan horse-based malware to infect systems through email.
Through a protected Word document, a victim’s computer is infected and the files are encrypted. A counter is then displayed which counts down with a warning that the files will be deleted if the ransom is not paid on time.
By offering to decrypt a file, the group demonstrates its ability to keep their word and restore any stolen information.
While attackers previously only worked with Windows systems, they also switched to Linux operations. The group has also been linked to Defray cybercriminals, which began operations in 2018.
BleepingComputer verified the attack by following a link provided by a source to a non-public RansomEXX page for Gigabyte. From this page, BleepingComputer reported a ransom message asking to interact with an official representative and claiming to have encrypted a number of documents under NDA.