Chipmaker Nvidia Investigating Potential Cyberattack
Lapsus$ Ransomware Group Claims Credit for Attack
Chipmaker Nvidia has reportedly suffered a massive outage after an alleged security incident affected the company's developer tools and email systems.
The two-day-long attack was caused by a malicious network intrusion, as first reported by The Telegraph.
"We are investigating an incident. Our business and commercial activities continue uninterrupted," Nvidia said in a statement to ISMG. "We are still working to evaluate the nature and scope of the event and don't have any additional information to share at this time."
South American ransomware group Lapsus$ has claimed responsibility for the incident and claims to have exfiltrated over 1TB of proprietary data, according to a Twitter user named Soufiane Tahiri.
A spokesperson for Nvidia was not immediately available to comment.
A global company based in Santa Clara, California, Nvidia designs graphics processing units for the gaming and professional markets, as well as "system on a chip" units for the mobile computing and automotive market.
Lapsus$ Ransomed
Lapsus$ says that Nvidia performed a hackback and successfully ransomed its machines. But hackers say they had a backup and are now leaking all Nvidia employees' passwords and NTLM hashes.
ISMG was able to verify the gang's claims and spotted a Telegram channel named Lapsus$ with under 7,000 subscribers claiming to have breached the database and shared some samples of leaked data.
"To address all the rumors about how Nvidia hacked us. It's simple. Access to Nvidia employee VPN requires the PC to be enrolled in MDM (Mobile Device Management). With this, they were able to connect to a VM we use. Yes, they successfully encrypted the data. However we have a backup and it's safe," the group posted on its Telegram channel.
Lapsus$ also says it is now planning to leak the data in five different releases, as the stolen database is very large.
"On another note, if Nvidia contacts us in email and pays a fee, we will ensure the data isn't leaked," the group says. The group also claims that it is planning to leak data about the RTX and GPUs.
"This is pretty wacky, they are now asking for payment before a set date but don't know what to do with the data" (CyberKnow, @Cyberknow20, on Twitter, February 26, 2022)
The Lapsus$ group hit the limelight in December 2021 following a ransomware attack on websites owned by Brazil's Ministry of Health. The group claimed to have stolen and subsequently deleted around 50TB of data from the ministry's systems.