Hardware company Gigabyte reportedly hit by ransomware attack

9 Aug 2021

Someone is typing on their laptop in the image. There are circles with padlocks superimposed over this image. Most of the padlocks are locked but one of the locks is displaying in red and is opened, indicating a cyberattack such as the one carried out on Gigabyte Technology.

Image: © Song_about_summer/Stock.adobe.com

Customers were asking for the computer hardware company to fix its support site after a reported cyberattack early last week.

Taiwan-based computer hardware company Gigabyte Technology has been hit with a cyberattack from the group RansomExx, according to numerous reports.

Gigabyte primarily produces motherboards but has also moved into hardware such as graphics cards and other PC components.

Tech website BleepingComputer reported that 112GB of data was stolen from servers some time between the night of Tuesday (3 August) and the early morning of Wednesday (4 August) last week. Local news site United Daily News also confirmed the attack but highlighted that production was not affected in the incident.

There were reports of parts of the company’s website being down, however, with support services affected. Recent comments on Gigabyte’s Facebook page include multiple complaints looking for support services.

“Great time to factory reset my Aero laptop. Can’t download anything from your website for two days now. Please fix your support site,” said one customer. Another listed their technical specifications after saying: “Because I couldn’t contact you via your website, I’m asking here.”

RansomExx is the group responsible for the attack, according to BleepingComputer sources. Titanhq has posted a detailed description of the group, saying it uses Trojan-based malware to infect systems via email.

Through a protected Word document, a victim’s computer is infected and files are encrypted. A counter is then displayed that counts down with a warning that files will be deleted if the ransom is not paid in time.

While the attackers previously only worked with Windows systems, Titanhq said they have since moved to Linux operations as well.

BleepingComputer reported that it verified the Gigabyte attack by following a link provided by a source to a non-public RansomEXX page. In a ransom note seen by BleepingComputer, criminals claim to have encrypted a number of documents that are under NDA.

A recent cyber insurance report found that the number of ransomware attacks worldwide between the first quarter of 2019 and the last quarter of 2020 increased by 170pc. There have been several high-profile ransomware incidents in recent months, including attacks on Ireland’s healthcare system, a key US fuel pipeline, and meat supplier JBS.