Taiwanese computer hardware vendor Gigabyte Technology Co. Ltd. has allegedly been hit by a ransomware attack, the second time in three months. The previous attack on the firm, occurred in August when the RansomEXX gang stole 112 gigabytes of sensitive data.
The latest attack came to light when DarkWeb Criminal Intelligence noticed on Twitter that a group going by the name of AvosLocker is claiming to have successfully targeted the company and is publishing the samples of stolen data as proof. The ransomware gang was first discovered searching for affiliates on underground forums in late June.
According to Privacy Sharks, the ransomware gang has released some stolen data as proof that they did indeed successfully target Gigabyte. The stolen data includes passwords and usernames, employee payroll details, human resources documents, and credit card details.
Additionally, the shared 14.9 MB sample also contains documents linked to the relationship between Gigabyte and several firms including Barracuda Networks Inc., Blizzard Entertainment Inc., Black Magic, Intel Corp., Kingston Technology Corp., Amazon.com Inc., and Best Buy Co. Screenshots.
If the stolen data is authentic as ransomware gang claims, then it could be a major concern for Gigabyte, especially since a report earlier this month indicated that AvosLocker is planning a twist to the classic double-extortion model to punish non-paying victims by auctioning their data rather than just free release.
“The details in the file tree should be extremely concerning to Gigabyte as they consider the impact of this breach. In most double extortion schemes, the data theft focuses on quantity rather than quality. The file tree from this dump suggests that in this case, the threat actor focused on quality,” Jake Williams, co-founder and chief technology officer at incident response firm BreachQuest Inc. stated.
“To facilitate sales, AvosLocker must steal data that’s worth buying,” he said.
“The file tree (directory listing) teased by AvosLocker certainly appears to be the kind of data that would be valuable to a multitude of cybercriminals.,” he added.
Ransomware assaults have been on the surge since the infamous WannaCry attack in 2017.
According to a report by Comparitech, in 2021 alone US firms suffered a loss of US$21 billion due to ransomware attacks.
“The selective leaking of information is a method to further entice victims into paying the ransom, noting that this will keep occurring as long as the economics favor paying a ransom John Bambenek, principal threat hunter at information technology and security operations company Netenrich Inc. stated. What will be interesting to see is how this method of auctioning data will change the math, but in the end, crime on the internet still pays,” the report read.