AMD and Intel confidential data leaked online after GIGABYTE ransomware attack
We recently discovered that a 7 GB archive of confidential data that purportedly belongs to Taiwanese computer hardware manufacturer GIGABYTE had been leaked on a hacker forum following a recent attack by the RansomEXX ransomware gang.
The archive was initially posted on RansomEXX’s public website, presumably after GIGABYTE refused to pay the ransom demanded by the attackers on August 12.
According to the forum post author, the leaked two-part archive appears to contain a variety of GIGABYTE internal company information as well as Intel and AMD proprietary data, including the source code for the Intel Manageability Commander and numerous confidential documents related to AMD.
Since the original ransomware attack in early August has netted the gang more than 112 GB of data, this leak appears to be just a small portion of the entire haul nicked from the GIGABYTE servers.
This, as well as an ominous ‘to be continued…’ message left by the ransomware group in the leak description, may indicate that unless GIGABYTE decides to pay the ransom, more similar leaks could be coming soon.
Who had access to the data?
Since the leaked archive was made freely available to anyone, we assume that multiple members of the hacker forum, many of whom are likely to be cybercriminals, have been able to download and access the data since it was published.
Many ransomware gangs tend to offer post-breach data leaks for free. As such, the GIGABYTE archive is still available, and there is a high chance that sooner or later, the confidential company data may be used by bad actors for malicious purposes.
What’s the impact of the leak?
From the samples of the leaked data we were able to access, most of it appears to be corporate in nature and is related to GIGABYTE rather than AMD or Intel. With that said, the threat actors claim that refusing to pay the ransom and having this data leaked may have legal ramifications for GIGABYTE from its business partners.
Aside from confidential corporate data, the leaked archive appears to contain no identifiable personal user information like customer credit card details, account credentials, or other sensitive personal documents.
This is a developing story. We will continue to assess the situation as more information comes to light. We have attempted to contact GIGABYTE but have not received a reply by the time of publishing.
For organizations that wish to avoid becoming victims of ransomware groups, here are a few basic precautions to have in mind:
- Establish an intelligent threat detection system or a security information and event management (SIEM) system. In the event of a breach by malicious actors, such systems will alert your IT personnel about the incident in real time and help them prevent data exfiltration from company servers.
- Use a secure encryption algorithm to encrypt your confidential data. When encrypted, your company data would be all but useless to attackers. The data would be scrambled by the algorithm, which would render it unreadable for unauthorized parties without a decryption key.