Motherboard Vendor GIGABYTE Hit By RansomExx Ransomware Gang (therecord.media) 34
Taiwanese computer hardware vendor GIGABYTE has suffered a ransomware attack, and hackers are currently threatening to release more than 112 GB of business data on the dark web unless the company agrees to their ransom demands. An anonymous reader shares a report: The Taiwanese company, primarily known for its high-performance motherboards, confirmed the attack in a phone call and in a message on its (now-down) Taiwanese website. A spokesperson said the incident did not impact production systems. Only a few internal servers at its Taiwanese headquarters have been affected and have now been taken down and isolated. The company is currently in the process of investigating how the hackers breached its systems, stole files, and encrypted local copies. Local law enforcement has also been notified.
They need to learn... (Score:3)
If you do business on the Internet these orgs need to learn security is required, that means hiring knowledgeable people and implement what they suggest.
All to often when some security suggestion is turned on, if a high level executive does not like it because it makes them have to do something, it is disabled. I have seen this often many times.
Most people look at security as a drain on the bottom line and/or as something that only gets in the way of performing their tasks.
Re:They need to learn... (Score:4, Insightful)
Re:They need to learn... (Score:4, Informative)
>If you do business on the Internet these orgs need to learn security is required, that means hiring knowledgeable people and implement what they suggest.
I think that's a hard step, even if you manage to make the decision to take it. Arguably I am one of those knowledgeable people, I work in a big techy corporation doing interesting security work. Compared to the numbers of vulnerable companies out there, there simply are not enough of us to go around and being the lone security guy in a cheese factory isn't a career that appeals to me.
Getting organizational security right involves thinking deeply about the behavior of people and what will work, what will annoy, what will be effective in the presence of those users. Even the security-capable companies haven't managed that yet for themselves. So what hope for everyone else?
My wife had a yarn store, the sort that knitters go to (currently morphed into a wholesale business). It may have been the most information-secure yarn store since I helped out with that, wrote the PoS and handled the PCI-DSS side. For example, one simple workaround for the complexity of handling stored credit card data was we did not store it on computers. It went in a had-written book in a locked place. When orders came in for customers wanting the convenience of us holding their credit card numbers, the book was consulted and the order fulfilled. We could have had the computers wiped and be up and running in an hour. Fresh images, pull the code (all python) from backup, pull the PoS database backup (daily db backups, per-transaction logs to cloud storage intra day). The hour being the time to re-install Linux on a couple of machines. Installing the code and db backups was a script that took less than a minute.
None of this was complicated, but I don't know of other small scale retail businesses that work that way. They spend money on quickbooks or swype or square retail solutions and then complain about how bad it is.
However, even with all that, the security of web sales were at the mercy of the online platform. Fortunately, knitters don't do a whole lot of web shopping for yarn and tools. They want to feel it in their hands before buying.
I imaging Gigabyte's 11GB of data is very boring and won't be slightly interesting. They'll be back up and running, won't pay the ransom and the data will be worthless.
Re: (Score:2)
> They spend money on quickbooks or swype or square retail solutions and then complain about how bad it is.
Don't worry, instead of complaining about her retail solution, your wife complains about you.
Re: (Score:2)
> They spend money on quickbooks or swype or square retail solutions and then complain about how bad it is.
Don't worry, instead of complaining about her retail solution, your wife complains about you.
But she's stuck with me for tech support.
Re: (Score:3)
Re: (Score:2)
...or as something that only gets in the way of performing their tasks.
And why do you think password managers were invented if security wasn't getting the way?
Re: (Score:1)
Probably cheaper to just buy ransomware insurance. What's the likely monthly premium? Maybe 1 or 2 grand? Compared to the taxes, salary, and other expenses associated with hiring someone competent, it's probably a no-brainer for the beancounters and managers who are only concerned about their quarterly bonuses and don't care if they have to burn down the entire company to get it.
Re: (Score:2)
If you do business on the Internet these orgs need to learn security is required
- You're talking about a motherboard manufacturer which can't even write a UEFI boot code that works with Windows 10 USB installs. Though after 15 BIOS updates they did eventually release on which worked.
- You're talking about a motherboard company whose RGB software came with a system service called killcheck.exe which (and I'm not joking in the slightest) only exists to see if the actual RGB software has crashed so it can restart it. Though in fairness they fixed this recently... but the new version
- Thei
Re: They need to learn... (Score:2)
Re: (Score:2)
So do I. I've always had Gigabyte motherboards. The hardware on them is generally well designed, and I will continue to buy them. They just can't code software / firmware though to save themselves.
Hardware wise the only time they've ever really erred which I can remember was with the lower end X470 boards which inexplicably do not include anything remotely resembling a heatsink on the power stage. I was unfortunate enough to have had one of those. The VRMs reached 110C on a *non-overclocked* 2700x which is
Re: (Score:3)
If ransomware criminals were publicly tortured and executed by the government, there wouldn't be a ransomware criminal problem anymore.
You do know that when "hung drawn and quartered in public" was an actual sentencing option that people didn't stop breaking the law, right?
Re: (Score:2)
That's because this punishment was only done every so often. It wasn't consistent. It's like the death penalty (ok, it was the death penalty). We only execute people once every few years, and only for extremely limited crimes.
If one used the death penalty against rapists and child molesters, as well as against murderers in general, AND, and this is the key, d
The Laws of Eight (Score:2)
2. Punishment shall be swift.
3. Mercy is for the weak.
4. Terror will defeat reason.
5. Your allegiance is to the clan.
6. Justice can be dictated.
7. Any Clansman may challenge for leadership of the Clan.
8. There is only one penalty - DEATH
Re: (Score:1)
While I agree with "Capital Punishment", I realize that it is not cost-effective and definitely NOT a deterrent when administered in the manner that the USA administers it. The old Roman Empire did use Capital Punishment effectively. They had no prison system and many crimes warranted the dead penalty. This terrified the populace into obedience.
The best, IMH
No. (Score:2)
The problem here is your answer is barbarism and very obvious human-rights violations. On top of that, it wouldn't even work because it's been shown that the death penalty does not dissuade people from committing crimes. Criminals are terrible at risk assessment which is why they are criminals in the first place.
Re: No. (Score:2)
Re: (Score:2)
That may be true for a hardened few, but one thing it indisputably accomplishes is it weeds trash out of the gene pool.
No (Score:2)
then only the more hardcore hax0rs will run the scams. There's always someone willing to take the risk.
Re: (Score:2)
If ransomware criminals were publicly tortured and executed by the government, there wouldn't be a ransomware criminal problem anymore.
Yeah, & stuff like zero tolerance & 3 strikes rules like they have in the USA. BTW, did you know that the USA has the highest rate of incarceration & the largest prison population in the world. Despite cutting corners to the point of cruel & unusual punishments, egregious human rights violations, & abnormally high death rates, it's still very, very expensive to keep people behind bars, especially when it's incarcerating people prior to a death penalty & all the psychological issues t
Re: (Score:2)
What rubes! (Score:3)
If these criminals were any good at programming and crime then they could have infected millions of motherboards firmwares, waited and then execute the largest ransomware attack of all time. *Sigh* I suppose nobody ever accused criminals of being too intelligent.
Re: (Score:2)
If these criminals were any good at programming and crime then they could have infected millions of motherboards firmwares, waited and then execute the largest ransomware attack of all time. *Sigh* I suppose nobody ever accused criminals of being too intelligent.
That may have accidentally made Gigabyte's firmware functional and we can't have that. *stares awkwardly at the BIOS select switch in the secondary position even though the system is booting from primary because their code inexplicably got confused and has now suddenly reversed this switch*.
Re: (Score:2)
I recently got a bricked Gigabyte board where the owner had just flashed to the latest firmware. The dual-boot feature did not work, so I had to desolder and switch the BIOS chips to get it running. I found out that the firmware the company had on their website was for the wrong motherboard, so if I had flashed to the latest version, it would brick the board again with no way to recover.
Seriously, how does a company put two BIOS chips on their motherboards and still fail at redundancy, and not have any sa
Re: (Score:2)
Seriously, how does a company put two BIOS chips on their motherboards and still fail at redundancy
I had (past tense) a Gigabyte X470 Ultra Gaming. It had dual BIOS. My primary got corrupted due to a UEFI bug that gets triggered when running Ryzen master, so the system booted from the secondary. No problem we can just flash the... wait... no we can only flash the secondary. On their cheaper boards if the primary dies that's it. It'll attempt to boot from it 3 times and then switch to the secondary on every boot. No option to flash the primary*.
I RMAd the board and bought an X470 Wifi 7, that at least has
There is no "real" China, only power owns. (Score:3)
Those who physically control territory "own" it. The Kuomintang squandered their support long ago and did not lose by accident, while the ChiComs did the necessary (proven by success) to unify the mainland. They'll also assimilate Taiwan because they're more serious about Chinese unification than Taiwanese are about investing in deterrence. If you want to deter a superpower you build nuclear weapons and credibly demonstrate willingness to die fighting to destroy your opponent (the cornerstone of the practic
Re: (Score:2)
Before developing nuclear weapons, you need to be self-sufficient in conventional warfare weapons, including tanks, ships, submarines, planes, missiles, etc...
The reason why is the boycott you will suffer when the rest of the world learns about your nuclear research and developement.
Thus, it makes it quite impractical for a small country such as Taiwan to do so.
Video of the beat-down (Score:1)
https://www.youtube.com/watch?... [youtube.com]