The RansomEXX ransomware group has targeted Gigabyte Technology, a Taiwanese computer hardware provider. If the company will not pay the ransom, it threatens to expose 112GB of data stolen.
Gigabyte mainly manufactures motherboards, but it also makes data center servers, graphics cards, monitors, and laptops. The incident took place between Tuesday to Wednesday. The company had halted its IT systems and informed federal authorities after seeing unusual behavior on their network.
Gigabyte admitted a hack that compromised some of its servers, as per the United Daily News, a Chinese news website. The business was forced to shut down its Taiwanese systems. It has impacted several of the company’s websites, such as its support site and parts of the website in Taiwan.
Moreover, consumers have experienced trouble accessing support materials and obtaining updated RMA information, which is most likely linked to the ransomware incident.
The Taiwanese firm has not confirmed which ransomware group was responsible for the hack. However, BleepingComputer has discovered that the group was the RansomEXX.
RansomEXX hackers encrypt a network then each encrypted device has a ransom note. Such a note includes a link to a private page. Here, the victim may check the decryption of a single file and provide an email address to start ransom negotiation.
A source gave BleepingComputer the private RansomEXX webpage link for Gigabytes claiming that the cyber attackers took 112GB of data during the operation.
The RansomEXX ransomware attack began in 2018 as Defray. However, as they turn a lot more active in June 2020, they relaunched with the name RansomEXX. It infiltrates a network using stolen credentials, exploits, or Remote Desktop Protocol.
The ransomware group will gather more credentials when they acquire control of the Windows web server once they have gained access to the system. They will collect data from unencrypted devices used in ransom extortion throughout this indirect spread over the network.
The RansomEXX group has even built a Linux encryptor to configure operating systems using VMware ESXi hosts, in addition to targeting Windows machines.
Gigabyte Technology is not the only company hit by ransomware. The RansomEXX group has been increasingly active in the last month, attacking the Corporación Nacional de Telecomunicación (CNT) in Ecuador, and the Lazio area of Italy.
Besides, the Texas Department of Transportation, the government networks in Brazil, Tyler Technologies, Konica Minolta, and IPG Photonics, are among the companies targeted by the RansomEXX ransomware group.