GIGABYTE, the Taiwanese manufacturer and distributor of computer hardware was a victim of the RansomEXX ransomware gang where 112GB of data were claimed to be stolen.
The leak site of the RansomEXX gang does not include the company name as of now, but it was found that the attack was conducted by this ransomware gang.
As soon as the attack occurred, the company shut down its systems to prevent the ransomware from spreading. The incident also affected multiple websites of the company, including its support site and portions of the Taiwanese website.
The company confirmed the security breach, notified law enforcement and also launched an investigation into the incident together with external security experts.
All affected internal services have resumed operation and currently, production, sales and daily operations are not affected.
When the RansomEXX operators encrypt a network, they will create ransom notes on each encrypted device. These ransom notes contain a link to a non-public page that could be accessed by the victim to test the decryption of one file and to leave an email address to begin ransom negotiations.
In a ransom note, the threat actors had included the link to the private leak page in which they have claimed to have stolen 112 GB of data from an internal Gigabyte network, as well as the American Megatrends Git Repository.
The threat actors also shared screenshots of four documents under NDA stolen during the attack.