Ransomware Group Lapsus$ Cries Foul After NVIDIA Allegedly Does a Tit-for-Tat

essidsolutions

A few days after GPU maker NVIDIA lost almost 1 TB of data to the Lapsus$ ransomware gang, the company has responded by hacking the group’s systems. Lapsus$ is demanding that NVIDIA open-source its GPU drivers, disable LHR for crypto mining, and pay a ransom.

This week, NVIDIA confirmed it was breached by threat actors who reportedly stole approximately 1 TB of sensitive company information, including details of all of the company’s latest GPUs. The theft followed a cyberattack last week by Lapsus$, a relatively new ransomware group that is now leaking the data online.

NVIDIA didn’t confirm whether it was Lapsus$ who breached their networks and exfiltrated data but said they have been aware of the breach since February 23. “We are aware that the threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online,” NVIDIA told Bloomberg.

“Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.” According to reports, Lapsus$ wasn’t initially looking for monetary gains and demanded that NVIDIA open-source its GPU drivers for Windows, Mac, and Linux.

Lapsus$ is also demanding that NVIDIA disable Lite Hash Rate (LHR), a mining performance limiter. Disabling it removes the limitations that hinder the use of NVIDIA’s GPUs for mining cryptocurrencies. Lapsus$ is also looking for buyers who want to bypass LHR in GPUs. So there is a financial incentive involved, just not directly from the U.S.-based chipmaker.


Previously, Lapsus$ attacked Brazil’s Ministry of Health in December 2021 and exfiltrated data associated with the country’s immunization program. In January this year, the threat actor also targeted Portugal’s largest media conglomerate and defaced all of its websites with a ransom note.

The Verge obtained a screengrab of the ransom message from Lapsus$ to NVIDIA, posted below:

NVIDIA has also confirmed that the attacker is leaking data online. This includes a 19GB archive of source code of NVIDIA’s Deep Learning Super Sampling (DLSS) technology and other software information and employee credentials. “We are not sure how we will leak the data yet. We think it will be in 5 different releases, its very large almost 1 tb.” The next on Lapsus$’s list was data on the new RTX GPUs.

NVIDIA downplayed the incident after Lapsus$ took responsibility for the hack on their open Telegram channel. The company, however, is hitting back hard, apparently by hacking back Lapsus$ itself. Earlier this week, the malicious group, operating out of South America, had this to say on their Telegram channel:

“EVERYONE!!! NVIDIA ARE CRIMINALS!!!!!!!!! SOME DAYS AGO A ATTACK AGAINST NVIDIA AND STOLE 1TB OF CONFIDENTIAL DATA!!!!!!. TODAY WOKE UP AND FOUND NVIDIA SCUM HAD ATTACKED **THE** MACHINE WITH RANSOMWARE……. LUCKILY IT HAD A BACKUP BUT WHY THE FUCK THEY THINK THEY CAN CONNECT TO THE PRIVATE MACHINE AND INSTALL RANSOMWARE!!!!!!!!!!!”

Seriously what the hell is going on !! #Lapsus is claiming attacks on #Nvidia then #Nvidia hit back with a #Ransomware

Lapsus claims to have 1TB of data and is leaking all Nvidia employees’ passwords and NTLM hashes @Cyberknow20 @SOSIntel @vxunderground @ransomwaremap pic.twitter.com/6hugTWEuhw

— Soufiane Tahiri (@S0ufi4n3) February 26, 2022

It is unclear if NVIDIA managed to get back their data. NVIDIA has apprised law enforcement and is collaborating with cybersecurity experts to contain the effects of the attack.
