Hackers reportedly threaten to leak data from Gigabyte ransomware attack

Gigabyte has been the victim of a cyberattack, which was reportedly the work of a ransomware outfit called RansomEXX. According to The Record, the attack didn’t have an impact on any of the company’s production systems, but it did affect some internal servers. Currently, some parts of Gigabyte’s website, including its support section, are down, giving customers issues when trying to access warranty repair information and updates. The hackers who claim to have carried out the attack are reportedly threatening to release data from the company, including confidential documents from Intel, AMD, and American Megatrends.

Gigabyte is mainly known for its PC components such as motherboards and graphics cards, but it also has a line of laptops and peripherals like gaming monitors, which are often branded with the Aorus name.

According to a ransom note and dark web webpage, seen by Bleeping Computer and The Record, RansomEXX threatens to publish 112GB of data it got from Gigabyte and an American Megatrends Git repo. Bleeping Computer reports that the hackers also include screenshots of documents from Intel, AMD, and American Megatrends that are under an NDA. American Megatrends creates firmware for motherboard and computer manufacturers as well as for certain Chromebook manufacturers.

PC manufacturers aren’t an uncommon target for hackers: earlier this year, Acer was reportedly hit with an attack by the REvil group, which would later go on to target one of Apple’s suppliers. In both cases, hackers threatened to release valuable data if the companies didn’t pay exorbitantly high ransoms of $50 million. The scourge of ransomware has also gone beyond traditional tech companies, affecting hospitals, fuel pipelines, insurance companies, and more.

In Gigabyte’s case, the sum that the hackers are seeking doesn’t yet appear to be public. Bleeping Computer reports, however, that RansomEXX’s ransom notes direct companies to contact an email address to start negotiations.

Gigabyte didn’t respond to a request for comment, but it told The Record that the company has isolated the affected servers, notified law enforcement, and is beginning an investigation. Gigabyte hasn't publicly named RansomEXX as the responsible party.