The AvosLocker ransomware gang claims to have hacked into the network of Gigabyte, a Taiwanese computer hardware manufacturer.
The cybercriminals sent a “press release” on Wednesday informing the public that they had allegedly compromised the motherboard/server manufacturer, although they did not specify when or how. The stolen data, according to researchers, seems to include sensitive information concerning business deals with third parties as well as personally identifying information about company workers.
Business deals and personally identifiable data leaked
The contents of a leaked 14.9MB file named “proof.zip” appeared online on Thursday. The file contains sensitive data such as credit-card details, username and password information, payroll information for employees, 10 PDF documents named “Passports”, full names, images and CVs of consultants and job candidates, as well as other data related to email addresses, and NDA files concerning company deals with Barracuda Networks and other well-known companies like Amazon, BestBuy, Intel, Kingston and more.
A screenshot from AvosLocker’s announcement mentions a nondisclosure agreement (NDA) between Gigabyte and Barracuda Networks. The NDA was signed in June 2007. If the document is genuine, this likely relates to Barracuda co-founder Dean Drako.
Several screenshots of the leaked file tree appeared online. Unfortunately, it’s impossible to tell what’s within the encrypted files, but incident response experts assume the threat actor has focused on quality, a move that isn’t typical for ransomware attacks, which usually aim to encrypt anything and everything.
Analysts are concerned that Gigabyte’s reputation and vendor relationships will suffer significantly as a result of the alleged theft of contract information and trade secret files, such as the claimed non-disclosure agreement with Barracuda.
Gigabyte develops and produces motherboards for both AMD and Intel platforms. The company also jointly develops graphics cards and notebooks with AMD and Nvidia.
According to researchers at PrivacySharks, if Gigabyte’s master keys (keys that identify hardware manufacturers as the original developer) are included in the leak, threat actors may use them to force devices to download phony drivers, BIOS upgrades, and more, as was the case with SolarWinds’ hardware attack.
It seems that the hack includes “no or very little data from the security/tech departments”, as stated in a blog post by PrivacySharks.
A second ransomware attack for Gigabyte
A couple of months ago the company was the target of another attack. A ransomware group named RansomEXX allegedly attacked the motherboard manufacturer in August. During that incident, the threat actors threatened to leak a total of 112 GB of data, including sensitive information from Intel, AMD, and American Megatrends. The exact amount of the ransom demand remained a well-guarded secret. There is also no proof that Gigabyte has made the payment.
It’s still unclear whether the August incident had anything to do with the current AvosLocker attack. AvosLocker is a new ransomware organization discovered by Cyble in July. The gang has been infecting Windows computers with malware delivered mainly via spam email campaigns or sketchy ads.