2020 and 2021 has been plagued by seemingly unceasing ransomware attacks, affecting CD Projekt Red to JBS to Kaseya and even Transnet, and cyber-attackers appear not to be slowing down anytime soon. The latest victim of a ransomware attack is Taiwanese techmaker, Gigabyte.
Gigabyte, most well-known for its computer motherboards, recently suffered a ransomware attack between the 3rd and 4th of August, reports Bleeping Computer. The cyberattacker, identified by Bleeping Computer as RansomEXX, claims to have acquired 112GB of confidential company information.
Gigabyte gets bitten
Amongst the 122GB of files is sensitive information concerning CPU manufacturers Intel and AMD, as well as an American Megatrends debug document.
In a ransom note left behind by RansomEXX, Gigabyte “OFFICIAL REPRESENTATIVE[s]” are ordered to follow a provided link to a non-public page, where they can then test the decryption of one encrypted file and leave their email address in order to begin ransom negotiations.
According to Bleeping Computer, before changing its name in 2020, RansomEXX operated as ‘Defray’ when it started out in 2018. The name change came along with increased activity and ransomware attacks against higher-profile targets, such as the Texas Department of Transportation last June, and Konica Minolta last August.
Like many other ransomware operations, RansomEXX’s modus operandi is to breach networks via exploits or stolen credentials. From there it gathers up more and more subsequent credentials to spread through the victim’s network, hoovering up sensitive information to leverage for ransom all the while.
Tech-makers such as Gigabyte are rich targets for cybercriminals like RansomEXX and REvil, whose activity has been growing in recent months. In an increasingly tech-driven world, they’re the most obvious cash cows to exploit.