
AMD, Intel confidential data leaked online after GIGABYTE ransomware attack

Photo: Myce

*The threat actors claim that refusing to pay the ransom and having this data leaked may have legal ramifications for GIGABYTE from its business partners

*Experts suggest a few basic precautionary measures for organisations and individuals to keep in mind for protection against attacks

Gbenga Kayode | ConsumerConnect

A 7 GB archive of confidential data that supposedly belongs to Taiwanese computer hardware manufacturer GIGABYTE has been leaked on a hacker forum, following a recent attack by the RansomEXX ransomware gang.

ConsumerConnect gathered that the archive was initially posted on RansomEXX’s public website, presumably after GIGABYTE refused to pay the ransom demanded by the attackers on August 12, 2021.

According to the forum post author, the leaked two-part archive appears to contain a variety of GIGABYTE internal company information as well as Intel and AMD proprietary data.

These include the source code for the Intel Manageability Commander and numerous confidential documents related to AMD, a CyberNews report said.

Since the original ransomware attack in early August 2021 netted the gang over 112 GB of data, this leak appears to be just a small portion of the entire haul nicked from the GIGABYTE servers, the report stated.

This, as well as an ominous ‘to be continued…’ message left by the ransomware group in the leak description, may indicate that unless GIGABYTE decides to pay the ransom, more similar leaks could be coming soon.

To determine whether their online accounts were exposed in previous security breaches, consumers are urged to use a personal data leak checker with a library of 15+ billion breached records.

Who could access the data, and what is the impact of the leak?

As the leaked archive was made freely available to anyone online, the report assumes that multiple members of the hacker forum, many of whom are likely to be cybercriminals, have been able to download and access the data since it was published.

Several ransomware gangs tend to offer post-breach data leaks for free.

As such, the GIGABYTE archive is still available, and there is a high chance that sooner or later, the confidential company data may be used by bad actors for malicious purposes, according to the report.

In terms of the impact of the leak, it was learnt that, judging from the samples of the leaked data that experts were able to access, most of it appears to be corporate in nature and relates to GIGABYTE rather than AMD or Intel.

The threat actors also reportedly claimed that refusing to pay the ransom and having this data leaked may have legal ramifications for the company from GIGABYTE’s business partners.

Besides confidential corporate data, the report noted that the leaked archive appears to contain no identifiable personal user information, such as customer credit card details, account credentials, or other sensitive personal documents.

The situation is still being assessed as more information comes to light, and an attempt has been made to contact GIGABYTE, but there had been no reply as of the time of filing the report, CyberNews said.

On the next line of action for consumers, it is suggested that organisations that wish to avoid becoming victims of ransomware groups keep a few basic precautions in mind:

Establish an intelligent threat detection system or a security information and event management (SIEM) system.

In the event of a breach by malicious actors, such systems will alert your IT personnel about the incident in real time and help them prevent data exfiltration from company servers.

Use a secure encryption algorithm to encrypt your confidential data. When encrypted, your company data would be all but useless to attackers.

The data would be scrambled by the algorithm, which would render it unreadable for unauthorised parties without a decryption key.
