The Taiwanese hardware giant GIGABYTE suffered a ransomware attack around the 3rd/4th of August. The attackers revealed that they had stolen more than 100GB of data and threatened to post it online if GIGABYTE refuses to pay the ransom.
The company is based in Japan and is known for producing the best quality computer hardware products such as motherboards, PCs and laptops. A company official said that only a few machines were infected at the Taiwanese branch of the company, and that the machines were immediately isolated and taken offline.
GIGABYTE is still working out how the hackers were able to get into the network and encrypt the sensitive files. Many of the company's websites were also affected by this incident, especially the support sites.
It’s the RansomEXX gang
It is believed that the sophisticated attack was carried out by the RansomEXX gang, who created ransom notes on each infected device on the network after encrypting and stealing the sensitive data.
The RansomEXX gang relied on well-known initial access techniques, exploiting the RDP protocol or leaked credentials to get into the network. Once they have gained initial access, the hackers attempt privilege escalation followed by lateral movement to gain access to other machines on the network.