After stealing the data, the threat actors, RansomExx, posted a message on the Dark Web, where it took credit for the hack and made its demands. As per the post, the collective says that it will only speak to an official representative from Gigabyte and if the person does not have the right to act on behalf of the company, it will raise the ransom amount. Failure on Gigabyte’s part to pay the ransom will, unsurprisingly, result in the group releasing all 112GB of data onto the internet. A lot of the stolen data is confidential and as pointed out by Tom’s Hardware, they include things like UEFI BIOS version for yet-to-be released products, TPM data, as well as American Megatrends documentation and Intel Ice Lake-D SKU Stack updates.
This isn’t the first time a Taiwanese PC brand has had its servers hacked. Earlier this year, Acer was the victim of the hacker group, REvil. The hacker group breached Acer’s cybersecurity and stole files that included financial spreadsheets, bank balances, and communications. The group then ransomed the data, demanding that Acer pay it US$50 million (~RM211 million). At the time of writing, Gigabyte still hasn’t commented on the hack or whether it will pay the ransom. Even if it did, there is still the possibility that the hackers will leak the data, even after the ransom has been paid. That itself is a reason as to why most companies refuse to negotiate with such groups or give in to their demands. (Source: The Record, Tom’s Hardware)