Gigabyte hit with ransomware + possible data exfiltration - RansomEXX

  • Last Updated:
  • Oct 24th, 2021 11:24 am
[OP]
Deal Expert
Jun 15, 2011
44447 posts
7713 upvotes

This is big news.

https://www.bleepingcomputer.com/news/s ... ansomware/
Taiwanese motherboard maker has been hit by the RansomEXX ransomware gang, who threaten to publish 112GB of stolen data unless a ransom is paid.

Gigabyte is best known for its motherboards but also manufactures other computer components and hardware, such as graphics cards, data center servers, laptops, and monitors.

The attack occurred late Tuesday night into Wednesday and forced the company to shut down its systems in Taiwan. The incident also affected multiple websites of the company, including its support site and portions of the Taiwanese website.
Blanka
18 replies
Deal Fanatic
Sep 16, 2013
6935 posts
4666 upvotes
SW ON
I wonder what's in those 112 GB of data. Is it worth publishing? Schematics of motherboards? Would anyone even care?
[OP]
Deal Expert
Jun 15, 2011
44447 posts
7713 upvotes
alpovs wrote: I wonder what's in those 112 GB of data. Is it worth publishing? Schematics of motherboards? Would anyone even care?
Usually it’s PII data of employees and sometimes customers.

If it’s schematics, sometimes it could be sold to a competitor.
Blanka
Deal Expert
Apr 16, 2001
16225 posts
2896 upvotes
alpovs wrote: I wonder what's in those 112 GB of data. Is it worth publishing? Schematics of motherboards? Would anyone even care?
It's the list of all the people they screwed over with their RMA process.
Automatic down-votes: Eufy, D-Link, TP-Link, Newegg, Canada Computers, any Chinese-owned cellphone, laptop or IoT device.
Deal Guru
Feb 9, 2006
12916 posts
7676 upvotes
Brampton
JAC wrote: It's the list of all the people they screwed over with their RMA process.
So you're saying the 112gb is highly compressed.
Deal Addict
Jan 6, 2006
2855 posts
948 upvotes
Don't feel bad one bit. It took Gigabyte 1 year to fix the power issue on my x570 motherboard and they didn't even want to acknowledge the issue.
Deal Guru
Feb 9, 2006
12916 posts
7676 upvotes
Brampton
Phat_cow wrote: Don't feel bad one bit. It took Gigabyte 1 year to fix the power issue on my x570 motherboard and they didn't even want to acknowledge the issue.
Their BIOS on 350 chipsets are pretty much a dumpster fire.
One glaring bug outstanding is the fTPM implementation on Gen 1 Ryzen. Enabling it causes UEFI systems to BSOD on boot. The workaround is to enable it and reflash the same BIOS.
Or how convoluted the SMI firmware update process is on certain boards sometimes causing soft and hard bricks.
Numerous 3080 MOSFET failures.
etc.
Deal Expert
Mar 9, 2007
15003 posts
11527 upvotes
Think of the Childre…
Don't forget the Gigabyte exploding PSUs


WOULD SOMEBODY THINK OF THE CHILDREN!!!
Member
Nov 26, 2015
497 posts
1003 upvotes
Winnipeg
Gigabyte just got hit with a second ransomware attack:

In a Thursday post, PrivacySharks said that an independent security researcher affiliated with the company has viewed the contents of a leaked 14.9MB file called “proof.zip” that was purportedly exfiltrated from Gigabyte.

The researcher said that it contains the following list of sensitive information:
  • Potential credit-card details.
  • Password and username details.
  • Employee payroll details.
  • HR agreements with consultants as well as full names, images and CVs.
  • 10 PDF documents in a file named “Passports.”
  • Information on more than 1,500 job candidates, including full names, CVs, resumes and applications. There are also Zoom details with what appears to be personal information on each candidate.
  • A folder named “Mailchimp” containing GSM Account Database information. This could include email addresses.
  • A zip folder containing an NDA and information of a deal with Barracuda Networks worth $100,000+.
  • In addition to Barracuda Networks, the leak includes various data from the following well-known companies: Amazon, BestBuy, Black Magic, Blizzard, Intel and Kingston.
  • A .txt file named “Tree” containing 133,352 lines of folder and file names stolen in the breach.
  • Business expenses from trips such as “Hawaii 2019,” including money spent on luau drinks, Uber trips and tips.
  • Images from company events, including Christmas parties, Halloween parties and “Tony’s Birthday.”


https://threatpost.com/gigabyte-avosloc ... ng/175642/
...
[OP]
Deal Expert
Jun 15, 2011
44447 posts
7713 upvotes
Mok122cobra wrote: Gigabyte just got hit with a second ransomware attack:

Yup. Unfortunate.
Blanka
Deal Fanatic
Sep 16, 2013
6935 posts
4666 upvotes
SW ON
Hmm, first time it's 112 GB. Second time 14.9 MB only. Nothing left to steal?
P.S. I just figured out that proof.zip may only be used to prove that they got more data.
Deal Expert
Mar 23, 2004
33252 posts
15098 upvotes
Mok122cobra wrote: Images from company events, including Christmas parties, Halloween parties and “Tony’s Birthday.”
Looks like Tony & Gigabyte will soon have some explaining to do :lol:
Deal Guru
Aug 14, 2007
12199 posts
3189 upvotes
--
With all the warnings of not opening files in emails, not clicking links. IT probably not shutting off data on usb ports... In this day and age I find it funny when large companies somehow fall victim to this still.

Makes no sense to me.
Deal Expert
Apr 16, 2001
16225 posts
2896 upvotes
XtremeModder wrote: With all the warnings of not opening files in emails, not clicking links. IT probably not shutting off data on usb ports... In this day and age I find it funny when large companies somehow fall victim to this still.

Makes no sense to me.
Just because someone works for a tech company doesn't mean they're more tech savvy than anyone else. And like every other company, GB's network security is budget constrained, combined with an unhealthy dose of 'don't give a shit.'
Automatic down-votes: Eufy, D-Link, TP-Link, Newegg, Canada Computers, any Chinese-owned cellphone, laptop or IoT device.
Deal Guru
Aug 14, 2007
12199 posts
3189 upvotes
--
JAC wrote: Just because someone works for a tech company doesn't mean they're more tech savvy than anyone else. And like every other company, GB's network security is budget constrained, combined with an unhealthy dose of 'don't give a shit.'
True. For all anyone knows it could have been a disgruntled employee.
Deal Addict
Mar 18, 2015
2950 posts
2646 upvotes
Antarctica
In every company, bean counters >>>>>> security / IT requirements.

So no surprise most keep getting hacked. No one cares if it doesn’t hit the bottom line.
Deal Fanatic
Nov 15, 2020
5294 posts
3981 upvotes
ES_Revenge wrote: Looks like Tony & Gigabyte will soon have some explaining to do :lol:
Since Gigabyte still isn't paying up, I'll assume strippers weren't part of the party.
Deal Expert
Apr 16, 2001
16225 posts
2896 upvotes
XtremeModder wrote: True. For all anyone knows it could have been a disgruntled employee.
If they treat their employees like they treat their customers, you're probably right
Automatic down-votes: Eufy, D-Link, TP-Link, Newegg, Canada Computers, any Chinese-owned cellphone, laptop or IoT device.
Deal Addict
Nov 25, 2004
3768 posts
2447 upvotes
London
Gigabyte seems like a company stuck in the 90s.

Like, for eg, if u did an RMA with them and asked for an advanced RMA, they would email u a form where u had to manually fill it in and write out your whole cc number on it, then email that back, meaning anyone who did an advanced RMA, their cc would get stolen anytime someone hacked their email, or heck, even anyone in their company who has access to the email system can steal your cc super easy.

Not sure of any company who makes u do it that way in this day and age.

Like, for eg, Seasonic and NZXT: they just provide u the company PayPal account and u PayPal them the retail amount for the item, then when the RMA is complete that is refunded back, so no cc numbers even provided. Or EVGA: they send u a secured checkout just like if u were on a shopping site to put ur cc in. Still maybe hackable, but a lot less likely than a text doc in an email.
