Gigabyte’s servers hacked by RansomEXX

Gigabytes of documents have been compromised

How Did Gigabyte Get Hacked

Gigabyte’s servers have been hacked, with over 100GB worth of revealing data compromised, including data linked with partners Intel, Nvidia, AMD, and more. The ransomware attack has been carried out by RansomEXX, who are known for targeting big businesses. Gigabyte’s links with other hardware manufacturers in the PC components industry have most likely made them a prime target for valuable information ready for extortion.

Gigabyte's Ransom Notes

The Record broke the story, which they then backed up with proof that originated from the dark web, a playground for online criminals and shady dealings. Both screenshots above confirm RansomEXX involvement, demands, and proof that they have compromised NDA (non-disclosure agreement) documents. The attack has only affected a small number of Gigabyte’s internal servers, and it is being investigated as we speak. But what is ransomware?

What Is Ransomware: How To Prevent It

Ransomware is a form of malware (malicious software, also known as a virus) that encrypts a victim’s files, which are then used as leverage for a sum of money. For consumers such as you and me, ransomware can be loaded onto your device by a number of means, most commonly through phishing emails. We’re not talking about the Saudi Prince you’ve been financially supporting via Western Union transfers; we mean emails with attachments disguised as something important and often personal.

Once these pieces of software are on your computer, they will take over and lock down files. The hackers responsible will get in touch to let you know your files can be unlocked by paying a fee to them for a decryption key (a line of code that will deactivate the active ransomware). This fee is normally payable via Bitcoin as it’s untraceable. Other pieces of software may skip the phishing step and scan for security holes on a device and enter the system that way. This is what firewalls and antivirus software combat.

CSO’s Josh Fruhlinger states the following actions will help prevent ransomware attacks:

  • Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit.
  • Don’t install software or give it administrative privileges unless you know exactly what it is and what it does.
  • Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place.
  • And, of course, back up your files, frequently and automatically! That won’t stop a malware attack, but it can make the damage caused by one much less significant.

To remove ransomware, complete the following steps:

  • Reboot Windows 10 to safe mode
  • Install antimalware software
  • Scan the system to find the ransomware program
  • Restore the computer to a previous state

This isn’t as simple for big companies, especially ones with file sharing and multiple linked systems. Let’s hope Gigabyte’s IT security team also learns from this ransomware attack.