The recent cyberattack against Nvidia saw threat actors made away with a terabyte of sensitive data, the GPU maker has confirmed.
“We are aware that the threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online,” the company said in a statement.
Nvidia did not detail the nature of files that were stolen, however LAPSUS$, the group that says it conducted the raid claims it got away 1TB of data about the company’s hardware and software - which it is now threatening to leak online unless the company pays a cryptocurrency ransom.
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
>> Click here to start the survey in a new window (opens in new tab) <<
Leaking bits of data
To prove they mean business, the group has already leaked 19GB of stolen data, including the source code for Nvidia's framerate boosting DLSS technology.
Even though LAPSUS$ is a ransomware operator, Nvidia is saying the group did not deploy such malware on its endpoints (opens in new tab).
"We have no evidence of ransomware being deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict," the company said.
The group rose to infamy in early January this year, when it targeted Impresa, Portugal’s biggest media conglomerate. Striking over the New Year holidays, it took down multiple Impresa websites, TV channels, as well as the website of the Expresso printed newspaper, although it claims not to be affiliated with a nation-state of any kind.
> Ransomware attacks saw a huge rise in 2021 (opens in new tab)
> The average ransomware group only lives for two years (opens in new tab)
> Hackers threaten to turn every Nvidia GPU into a Bitcoin mining machine (opens in new tab)
It claimed to have gained access to the company’s Amazon Web Services (AWS) infrastructure, as well as its Twitter account.
In early December 2021, the group struck the websites of Brazil’s Ministry of Health (MoH), suspending Covid-19 vaccination efforts across the country. It claimed to have stolen 50TB worth of data, before deleting them from the MoH’s servers.
- Here's our rundown of the best firewalls (opens in new tab) right now
Via: PCMag (opens in new tab)