GIGABYTE, a Taiwanese vendor of computer hardware, has fallen victim to a RansomExx attack. The hackers are now threatening to release more than 112 GB of business data on the dark web unless the demanded ransom is paid.
The attack has been confirmed in a phone call and on the now-down Taiwanese website of the company, TheRecord reported. Apparently, no production systems were impacted, just a few internal servers at the Taiwanese headquarters. All affected entities have been isolated and taken down to prevent further damage.
GIGABYTE is now investigating the details surrounding the attack, and how the ransomware actors sneaked into their systems to steal files and encrypt local copies. Local authorities have been notified as well.
RansomExx Behind the GIGABYTE Ransomware Attack
According to TheRecord, the attack should be attributed to the RansomExx gang. Through a source, the outlet was able to obtain access to a specific dark web page that contains the ransom demands. “The page is hosted on a dark web portal where members of the RansomExx ransomware cartel usually host threats to hacked companies and leak data from those that refuse to pay,” the outlet said.
Previous RansomExx Attacks
Earlier this year, in February, the RansomExx gang was reported to be exploiting two specific vulnerabilities, CVE-2019-5544 and CVE-2020-3992, in VMware ESXi. ESXi is a VMware hypervisor that allows multiple virtual machines to share the same hard drive storage. The two flaws could allow an attacker on the same network to send malicious SLP requests to a vulnerable ESXi host and then gain control over it.
In November last year, the same gang was caught in attacks against Linux systems.