{
	"id": "f43e6645-09c0-4582-b2bf-6cdaf353dfd7",
	"created_at": "2026-04-06T00:09:50.157918Z",
	"updated_at": "2026-04-10T03:21:12.17891Z",
	"deleted_at": null,
	"sha1_hash": "f4462fe4f2005fbca5d8b643bf5d01b376bfef2b",
	"title": "Computer hardware giant GIGABYTE hit by RansomEXX ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3352762,
	"plain_text": "Computer hardware giant GIGABYTE hit by RansomEXX ransomware\r\nBy Lawrence Abrams\r\nPublished: 2021-08-06 · Archived: 2026-04-05 22:45:45 UTC\r\nTaiwanese motherboard maker Gigabyte has been hit by the RansomEXX ransomware gang, who threaten to publish 112GB\r\nof stolen data unless a ransom is paid.\r\nGigabyte is best known for its motherboards, but also manufactures other computer components and hardware, such as\r\ngraphics cards, data center servers, laptops, and monitors.\r\nThe attack occurred late Tuesday night into Wednesday and forced the company to shut down systems in Taiwan. The\r\nincident also affected multiple websites of the company, including its support site and portions of the Taiwanese website\r\nhttps://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nGigabyte support down due to ransomware attack\r\nCustomers have also reported issues accessing support documents or receiving updated information about RMAs, which is\r\nlikely due to the ransomware attack.\r\nAccording to the Chinese news site United Daily News, Gigabyte confirmed they suffered a cyberattack that affected a small\r\nnumber of servers. \r\nAfter detecting the abnormal activity on their network, they had shut down their IT systems and notified law enforcement.\r\nIf you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal at\r\n+16469613731 or on Wire at @lawrenceabrams-bc.\r\nGigabyte suffers RansomEXX ransomware attack\r\nWhile Gigabyte has not officially stated what ransomware operation performed the attack, BleepingComputer has learned it\r\nwas conducted by the RansomEXX gang.\r\nWhen the RansomEXX operators encrypt a network, they will create ransom notes on each encrypted device.\r\nThese ransom notes contain a link to a non-public page meant to only be accessible to the victim to test the decryption of\r\none file and to leave an email address to begin ransom negotiations.\r\nToday, a source sent BleepingComputer a link to a non-public RansomEXX leak page for Gigabytes Technologies, where\r\nthe threat actors claim to have stolen 112GB of data during the attack.\r\nIn a ransom note also seen by BleepingComputer, the threat actors state \"Hello, Gigabyte (gigabyte.com)!\" and include the\r\nsame link to the private leak page shared with us by our source.\r\nhttps://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/\r\nPage 3 of 5\n\nNon-public Gigabyte data leak page\r\nOn this private leak page, the threat actors claim to have stolen 112 GB of data from an internal Gigabyte network, as well\r\nas the American Megatrends Git Repository,\r\nWe have downloaded 112 GB (120,971,743,713 bytes) of your files and we are ready to PUBLISH it.\r\nMany of them are under NDA (Intel, AMD, American Megatrends).\r\nLeak sources: newautobom.gigabyte.intra, git.ami.com.tw and some others.\r\nThe threat actors also shared screenshots of four documents under NDA stolen during the attack. \r\nWhile we will not be posting the leaked images, the confidential documents include an American Megatrends debug\r\ndocument, an Intel \"Potential Issues\" document, an \"Ice Lake D SKU stack update schedule,\" and an AMD revision guide.\r\nBleepingComputer has attempted to contact Gigabyte about the attack but has not heard back at this time.\r\nWhat you need to know about RansomEXX\r\nThe RansomEXX ransomware operation originally started under the name Defray in 2018 but rebranded as RansomEXX in\r\nJune 2020 when they became more active.\r\nLike other ransomware operations, RansomEXX will breach a network through Remote Desktop Protocol, exploits, or\r\nstolen credentials.\r\nOnce they gain access to the network, they will harvest more credentials as they slowly gain control of the Windows domain\r\ncontroller. During this lateral spread through the network, the ransomware gang will steal data from unencrypted devices\r\nused as leverage in ransom extortion.\r\nRansomEXX does not only target Windows devices but has also created a Linux encryptor to encrypt virtual\r\nmachines running VMware ESXi servers.\r\nOver the past month, the RansomEXX gang has become more active as they have recently attacked Italy's Lazio\r\nregion and Ecuador's state-run Corporación Nacional de Telecomunicación (CNT).\r\nhttps://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/\r\nPage 4 of 5\n\nOther high-profile attacks by the ransomware gang include Brazil's government networks, the Texas Department of\r\nTransportation (TxDOT), Konica Minolta, IPG Photonics, and Tyler Technologies.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/\r\nhttps://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/"
	],
	"report_names": [
		"computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434190,
	"ts_updated_at": 1775791272,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f4462fe4f2005fbca5d8b643bf5d01b376bfef2b.pdf",
		"text": "https://archive.orkl.eu/f4462fe4f2005fbca5d8b643bf5d01b376bfef2b.txt",
		"img": "https://archive.orkl.eu/f4462fe4f2005fbca5d8b643bf5d01b376bfef2b.jpg"
	}
}