[MART] - Daily Diary #321 - Gigabyte Attacked by RansomEXX

CTAS-MAT ctas-mat at appgate.com
Fri Aug 6 19:15:39 UTC 2021

I hope everyone is doing well!

Below is the entry for today.

08/06/2021 - Diary entry #321

Covered in our Daily Diary #151, RansomEXX (a.k.a. Defray) is a human-driven ransomware that usually breaches companies' networks using leaked credentials or by exploiting known vulnerabilities in outdated software. RansomEXX, like most active ransomware families nowadays, practices double extortion: its operators steal files rather than just encrypting them, and demand a ransom payment in exchange for not publishing them on their wall-of-shame.

This week the computer hardware giant Gigabyte confirmed that it suffered a ransomware cyberattack affecting some of its servers in Taiwan. Gigabyte said that after it detected abnormal activity, its IT systems were shut down and law enforcement was notified. Although Gigabyte hasn't confirmed the attack was conducted by RansomEXX, a link to a non-public deep web page with the ransom note is circulating on the internet. According to the ransom note, the threat actors stole 112GB of data, some of it under NDA (Intel, AMD, American Megatrends).

RansomEXX's wall-of-shame website is one of the many monitored by our team, but so far nothing regarding Gigabyte has been published. It's not clear if Gigabyte is still negotiating with RansomEXX or if they decided to pay the ransom. After a successful attack, most malware families wait a few days before publicly disclosing it.

Kind Regards,



Felipe Duarte Domingues
Security Researcher

E: felipe.duarte at appgate.com<mailto:felipe.duarte at appgate.com>
O: +55 19 98840 2509
