PC component maker Gigabyte suffered a ransomware attack on Friday, according to local Taiwanese media. But the incident appears to have only hit a few internal servers, not the company’s production systems.
The affected servers are already back online, Gigabyte told Taiwan’s United Daily News. Once the attack was detected, the company’s IT security teams promptly took action to contain the threat.
It’s unclear how the intrusion occurred. But a ransomware attack can arrive via a phishing email laced with malware or when a hacker exploits a vulnerability in a company’s IT systems. The attack will then seek to spread across the company’s computers and servers with the goal of encrypting as much information as possible. To free the data, the victim has to pay up, usually in Bitcoin.
In this case, it seems Gigabyte had backups on hand. Nevertheless, the hackers behind the attack claim they also stole a trove of files from the company.
The group RansomExx is claiming responsibility for the attack, Recorded Future reports. They allegedly stole 112GB of company data during the intrusion, and are threatening to dump the files unless Gigabyte pays up.
RansomExx has already created a private page on the dark web that contains alleged samples of the stolen files. “We have downloaded 112 GB (120,971,743,713 bytes) of your files and we are ready to PUBLISH it. Many of them are under NDA (Intel, AMD, American Megatrends),” the extortion page says, according to Recorded Future.
Gigabyte did not immediately respond to a request for comment. But according to Taiwanese media, the company is investigating how the breach occurred and working to bolster Gigabyte’s IT security.
