NVIDIA Strikes Back At The Hackers Who Hacked Them

According to Vx-underground on Twitter, NVIDIA, which was the victim of an epic cyberattack last week, has reportedly retaliated against the hacker group that attacked them by hacking them:

The interesting part of the incident is that the group has reportedly made a copy of the stolen data in a virtual-machine environment, which implies that this counter-attack was not successful. But it’s interesting that NVIDIA decided to go this route as opposed to engaging law enforcement.

LAPSUS$ made the news recently for pwning a TV network in Portugal. They’re apparently based in South America and are well known in the ransomware community. And clearly this ransomware group takes steps to protect themselves that companies should be taking to avoid getting pwned, such as making backups.

Mark my words. This is not over. There’s going to be more coming from this story.

UPDATE: Here’s some more info. NVIDIA has spoken. While they haven’t commented on attacking LAPSUS$, they did say that the attack leaked employee credentials and some company proprietary information online after their systems were breached.

“We have no evidence of ransomware being deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict,” the company’s spokesperson said in a statement. The Santa Clara, California-based company said it became aware of the breach on Feb. 23. Nvidia added it was working to analyze the information that has been leaked and does not anticipate any disruption to the company’s business. A ransomware outfit under the name “Lapsus$” has reportedly claimed to be responsible for the leak and seemingly has information about the schematics, drivers and firmware, among other data, about the graphics chips.

UPDATE #2: Dr. Saumitra Das, CTO and Co-Founder, Blue Hexagon had this to say:

“This is typical of ransomware gangs nowadays where they can still cause brand damage and steal IP without actually deploying the final ransomware payloads. Double and triple extortion are all part of the current playbook for these attackers. In this case, it appears that the group claims to have been able to steal IP without encrypting data. There is always a tradeoff for the attackers between encrypting data and stealing data because encryption and deletion can trigger alarms at organizations with mature security programs and take away the leverage from the attackers.”
