Gigabyte, a well-known manufacturer of PC components, told Taiwan’s United Daily News that it was hit by a ransomware attack on Tuesday night that didn’t impact production systems, as it targeted a small number of internal servers located at its headquarters. The Gigabyte ransomware attack caused the company to shut down systems in Taiwan. The incident also affected numerous websites of the company, including its support site.
The company is still investigating how the breach occured, but possibilities are it all began with a phishing email campaign or stolen credentials bought from an online source. The affected servers are already back online, once the attack was detected, the company’s IT security teams instantly took action to restrict the threat.
RansomExx took the responsibility for Gigabyte ransomware attack
According to the Recorded Future report, the group RansomExx is claiming responsibility for the Gigabyte ransomware attack. They allegedly stole 112GB of company data during the intrusion, and are threatening to dump the files unless Gigabyte pays up. RansomExx has already created a private page on the dark web that contains alleged samples of the stolen files. The hacker’s page says; “We have downloaded 112 GB of your files and we are ready to PUBLISH it. Many of them are under NDA.
What is a ransomware attack?
Ransomware involves sending phishing software that could fool people into clicking a bad link. This link will trigger a denial of service (DOS), allowing the hackers to hold any company’s valuable data hostage temporarily. They will only give the stolen data back after the victimized company pays a ransom, hence the name. Hackers can steal sensitive information, which can be worth millions, which is why ransomware attacks are threatening.
How to protect your data against such attacks?
Most hackers use phishing/fake emails to fool people. If you receive an email that you know you’re not supposed to get, immediately delete the email and don’t click on anything in it, malware can’t take over computers and other systems if access privileges are severely limited. For businesses, security professionals recommend that only employees should be allowed to work with minimal digital freedom unless the company can count on them with sensitive information.
According to CNT, This isn’t a first for RansomExx, they previously used to operate as “Defray” and have a history of attacking Taiwanese companies like Garmin, Acer, Compal, Quanta, and AdvanTech. Over the last month, it also attacked Covid-19 vaccination booking systems in Italy and Ecuador’s state-run telecom company.