Ransomware gang starts leaking Nvidia's internal data
The Lapsus$ ransomware gang has begun leaking Nvidia's internal data, infuriated by the US chipmaker's efforts to fight back against an attack launched against it last week.
On Friday, Nvidia said it was investigating a potential cyberattack. Now, the Lapsus$ ransomware gang, apparently responsible for the attack, has started leaking sensitive company data.
The Telegraph reported on Friday that the chipmaker was experiencing outages in the email system and developer tools for two days. Nvidia said it was investigating an incident and that business and commercial activities continued uninterrupted.
Ransomware gang Lapsus$ claimed responsibility for the cyberattack on Nvidia. The threat actor also said it had 1TB of data and would be leaking it step by step. On Friday, it started leaking Nvidia employees' passwords and hashes after Nvidia tried to fight back by hitting Lapsus$ with ransomware.
"We hacked NVIDIA. The hack is kinda [sic] public atm, and here's our announcement. We were into nvidia systems for about a week, we fastly [sic] escalated to admin of a lot of systems," Lapsus$ said.
It seems that they were enraged by Nvidia's efforts to hack them back.
"We didn't plan to leak it, but Nvidia made a scummy move to try and delete our personal data," the ransomware gang said.
It added that Nvidia successfully encrypted their data, but Lapsus$ had a backup and was safe. Ironically enough, the ransomware gang repeatedly called Nvidia criminals, referring to them as “scum”.
Now it has released "Nvidia data leak part 1", suggesting that there will be more.
"Today we will leak part one of Nvidia data, this leak contains source code and highly confidential/secret data from various parts of NVIDIA gpu driver. Falcon, LHR, and such. (...) Soon will come another part," it said.
Lapsus$ is leaking the information for free, pretending to be activists in search of justice.
The threat actor also said it had decided to 'help the mining and gaming community.' "We want Nvidia to push an update for all 30 series firmware that remove every LHR limitation. Otherwise, we will leak the HW folder."
LHR stands for low hash rate, meaning that hardware is unsuitable for mining. However, Nvidia's LHR reportedly affects only Ethereum mining and does not affect gaming. The HW folder that Lapsus$ is referring to might contain some sensitive and schematic documents about Nvidia's hardware.
According to Reuters, at a market cap of nearly $600 billion, Nvidia is the most valuable chipmaker in the United States. It is known for its graphics processing units (GPU) that enhance video gaming experiences and advanced computer simulations.
In January, the Lapsus$ ransomware group attacked Impresa, one of the largest media groups in Portugal, causing several news outlets to shut down.
The Lapsus$ ransomware group also claims to have hacked Brazil's health ministry website last month, taking several systems down, including information about the national immunization program and another used to issue digital vaccination certificates.
On Wednesday, Lapsus$ said it decided to add one more requirement.
“We request that NVIDIA commits to COMPLETELY OPEN-SOURCE (and distribute under a foss license) their GPU drivers for Windows, macOS and Linux, from now on and forever,” the group said on Telegram.
It threatens to release the ‘complete silicon, graphics and computer chipset files for all recent Nvidia GPUs, including the RTX 3090Ti and upcoming revisions’ if the request is not met by Friday.
Nvidia said it became aware of a cybersecurity incident which impacted IT resources on February 23, 2022.
“Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.”
It said there was no evidence of ransomware being deployed.
“However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.”