Taiwanese computer hardware giant Gigabyte suffered a ransomware attack (via The Record) by the RansomEXX hacking group. Not only did the group manage to get into the Gigabyte headquarters server, but they have stolen as much as 112GB of confidential data.
The hack took place last week and was perpetrated by RansomEXX, a group of hackers specializing in creating ransomware attacks that target high-profile companies — in this case, Gigabyte. As Gigabyte works with a lot of confidential data, such as new products and hardware, it would seem that the attackers targeted Gigabyte based on the amount of potential data which could be used for payment or leaked to the public.
According to the report, attackers stole as much as 112GB of confidential data, which includes motherboard designs, sensitive encryption keys, UEFI BIOS versions for yet-unreleased products, TPM data, and much more. Gigabyte is now in danger of all of this information making its way to the public domain. To keep that from happening, the hackers are requesting a ransom, as they're threatening to leak the data to the public and compromise Gigabyte. The data is thought to include details about the upcoming Zen 4 architecture.
The leaked documents are supposed to carry a lot of information including American Megatrends Debug documentation, Intel Ice Lake-D SKU stack update, Intel "Potential Issues" document, and AMD revisions guide amongst many others. Screenshots from private website, seen by The Record, can be seen below, with the message from the attackers.
Gigabyte has not commented on this case yet and has not mentioned any talks with the ransomware hackers. The company only issued a statement that notes that the affected servers in its HQ have been isolated, and the authorities have been called to deal with the case. Of course, paying the ransom doesn't even guarantee the data won't be leaked, which is why most companies don't play ball with extortionary tactics.
I doubt ransom was the goal. Strategic info and IP are the targets worth going for at a company like Gigabyte where the defenses were probably better than business average. But ransom demands muddy the water.
Search "maskirovka" - A stratagem heavily used by at least two large powers in Asia.
My understanding is that they generally tend not to do that, since it lowers their credibility for future ransoms.
If you know the attackers are going to release your stuff regardless if you pay up or not, then why pay?