PC component maker Gigabyte suffered a ransomware attack on Friday, according to local Taiwanese media. But the incident appears to have only hit a few internal servers, not the company’s production systems.
The affected servers are already back online, Gigabyte told Taiwan’s United Daily News. Once the attack was detected, the company’s IT security teams promptly took action to contain the threat.
It's unclear how the intrusion occurred. But a ransomware attack can arrive via a phishing email laced with malware or when a hacker exploits a vulnerability in a company’s IT systems. The attack will then seek to spread across the company’s computers and servers with the goal of encrypting as much information as possible. To free the data, the victim has to pay up, usually in Bitcoin.
In this case, it seems Gigabyte had backups on hand. Nevertheless, the hackers behind the attack claim they also stole a trove of files from the company.
Prime Day deals you can shop right now
Products available for purchase here through affiliate links are selected by our merchandising team. If you buy something through links on our site, Mashable may earn an affiliate commission.Shark RV2310 Matrix Vacuum With Self-Cleaning Brushroll—$179.99(List Price $299.99)
Samsung Galaxy Tab A9+ 10.9" 64GB Wi-Fi Tablet—$142.49(List Price $219.99)
Apple AirPods With Wired Charging Case (2nd Gen)—$69.00(List Price $129.00)
Fitbit Charge 6 Fitness Tracker With 6-Months Membership—$99.95(List Price $159.95)
Apple Watch Series 9 (GPS, 41mm, Midnight, S/M, Sports Band)—$279.99(List Price $399.00)
Tweet may have been deleted
The group RansomExx is claiming responsibility for the attack, Recorded Future reports. They allegedly stole 112GB of company data during the intrusion, and are threatening to dump the files unless Gigabyte pays up.
RansomExx has already created a private page on the dark web that contains alleged samples of the stolen files. “We have downloaded 112 GB (120,971,743,713 bytes) of your files and we are ready to PUBLISH it. Many of them are under NDA (Intel, AMD, American Megatrends),” the extortion page says, according to Recorded Future.
Gigabyte did not immediately respond to a request for comment. But according to Taiwanese media, the company is investigating how the breach occurred and working to bolster Gigabyte’s IT security.
TopicsCybersecurity