Clevo, a leading manufacturer of customizable gaming laptops, was claimed as a victim Monday by RansomHub, the cybercriminal gang recently involved in publishing stolen data from UnitedHealth Group’s Change Healthcare hack.
The gang posted the global laptop manufacturer on its dark leak blog claiming to have stolen a massive 200GB from Clevo networks, along with an eight-day countdown to negotiate and pay a ransom demand.
“All network and backups are fully ecnrypted [sic]. We took care of it. The company has no chance to recover. Only our decryptor will help them to get back to work, nothing else will help them,” the hacker group posted on their leak site.
Clevo is a leading ODM/OEM manufacturer known for producing barebones laptops for other companies to customize, as well as their own product lines of notebooks, tablets and All-in-One PCs.
The Clevo laptop brand is well known in the video gaming industry. Partners and clients include major technology companies such as MSI, Gigabyte, Asus, Nvidia, Intel, Micron, and AMD.
The Russian-leaning RansomHub also posted 10 sample files, allegedly from the stolen cache, containing what appears to be manufacturing roadmaps, license agreements, specifications, schematic drawings, and other confidential and proprietary documents related to the tech giants mentioned above.
“No worries barebooks here gamers.” https://t.co/EqgBBe3G15 pic.twitter.com/Fda7e2i0VT
Dominic Alvieri (@AlvieriD), June 3, 2024
ODM/OEM stands for original design and original equipment manufacturer.
Ransom note and instructions
RansomHub claims to have infiltrated Clevo’s network and been able to move around its systems “for a long time.”
The gang says they had the time to analyze the manufacturer’s “products, clients and partners,” downloading “the most important and sensitive data.”
The group lists at least 18 exfiltrated file formats: pdf, pptx, ppt, dwg, dxf, prt, sldprt, asm, sldasm, sdcpc, sdac, sdcc, sdwc, doc, dwt, dws, prt, sdp.
“We tried to find a peaceful solution to solve this problem,” RansomHub wrote in its lengthy explanation.
The ransom note then chastised the company for visiting RansomHub’s landing page, reading its message, and also being informed by phone calls of the gang’s attack – even claiming one of Clevo’s employees laughed at the gang during the call.
“You still have time and opportunity to contact us and solve everything for a little money. We are waiting in the chat. We don’t want your company to collapse your partners to sue you for NDA vialotion [sic] and the drawings and product developments to be sold to competitors,” the group threatened.
Who is RansomHub?
RansomHub is a relatively new player in the ransomware ecosystem, having posted its first victim on February 26th, 2024.
According to Ransomlooker, Cybernews’ ransomware monitoring tool, RansomHub has claimed more than 45 organizations in total over the past five months.
Recent May breaches include the infamous Christie’s auction house located in the ritzy Upper East Side of Manhattan (data now published), and Frontier, the 4th largest high-speed internet provider in the US covering 25 states.
In April, RansomHub posted a portion of stolen data files from a February breach of the US health technology giant Change Healthcare, carried out by the notorious ALPHV/BlackCat ransomware group.
Apparently, as one of the many criminal affiliates of the now-defunct ALPHV/BlackCat, RansomHub claims to have more stolen files belonging to the UnitedHealth Group-owned company.
The group primarily operates a ransomware-as-a-service business model, charging affiliates a cut of ransom profits in exchange for the use of its ransomware tooling, according to a SOCRadar Dark Web Profile report from March.
Analysts claim that the gang’s setup closely resembles a traditional Russian ransomware setup, with the gang avoiding targets in Russia, CIS countries, Cuba, North Korea, and China.
Clevo is a subsidiary of the Taiwan-based Chicony Electronics, a multinational motherboard and electronics manufacturing conglomerate.