Nvidia, the world’s biggest semiconductor chip company, has confirmed that it has been on the receiving end of a ransomware attack. Among the information stolen, employee credentials and proprietary company information are now being leaked online, according to statements from the company to TechCrunch.
Reports had started to emerge about a possible ransomware attack on the company as early as February 25. The group behind the attack is thought to be ‘Lapsus$,’ which claimed responsibility on its Telegram channel, stating that it has stolen over 1 terabyte of data from Nvidia.
The group claims that it has gotten access to proprietary data like source code, including the code for Nvidia’s hash rate limiter, which makes Nvidia’s graphics cards worse for cryptocurrency mining.
Lapsus$ has also hit the Brazilian Ministry of Health, a Portuguese company, and South American corporations Claro and Embratel. The group has claimed that it is not politically affiliated and implied that the hack is not in response to the ongoing Russia-Ukraine conflict, which Nvidia has also corroborated.
Nvidia hacks back
On discovering the attack, Nvidia hired cybersecurity experts and informed law enforcement agencies. But that is perhaps not the only action that the company took.
Nvidia somehow managed to track Lapsus$ members and hack into their systems to install ransomware. According to screenshots shared by threat analysts and Vx-underground, an organisation dedicated to collating information about malware, Lapsus$ was successfully targeted by Nvidia.
Lapsus$ called Nvidia “criminals” and “scum” for installing ransomware on their machines. Unfortunately for Nvidia, the tactic did not work as the information was already backed up to other devices. Hacking back against hackers is not unheard of, as it prevents the leak of confidential information.
LAPSU$ extortion group, a group operating out of South America, claim to have breached NVIDIA and exfiltrated over 1TB of proprietary data.
LAPSU$ claims NVIDIA performed a hack back and states NVIDIA has successfully ransomed their machines
Intel and photos courtesy of @S0ufi4n3 pic.twitter.com/fXcTNqgIpW
— vx-underground (@vxunderground) February 26, 2022
Lapsus$ demand
Lapsus$ is demanding a fee from Nvidia, as is usually the case in ransomware attacks, to not leak the information online. Perhaps strangely, they have also demanded that Nvidia make its future GPU drivers open source.
#Lapsus want to make #Nvidia Open source lol 😂 @SOSIntel @vxunderground @GossiTheDog @campuscodi #CyberAttacks #infosec #leaks pic.twitter.com/p3a7Z8e9Eb
— Soufiane Tahiri (@S0ufi4n3) March 1, 2022
Nvidia has stated that it is currently analysing the data which has been stolen and is now being leaked. “Security is a continuous process that we take very seriously at Nvidia -- and we invest in the protection and quality of our code and products daily,” the Nvidia spokesperson added to TechCrunch.