[BreachExchange] Hackers issue bizarre demand to NVIDIA: Let us mine cryptocurrency faster or we release your stolen data

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Fri Mar 4 13:28:04 EST 2022


https://mashable.com/article/nvidia-ransomware-hackers-cryptocurrency-mining

Here's something you don't see every day: A ransomware group that hacked
graphics card maker NVIDIA has a very specific demand. Make NVIDIA graphics
cards mine cryptocurrency faster or we will release your stolen, private
data.

The hackers, known as Lapsus$, say that they have stolen over 1TB of data
after hacking into Nvidia's private network. The data includes email
addresses and login credentials for more than 71,000 of NVIDIA's employees.
Some of this private data has already been released by the hackers.

However, Lapsus$ is issuing a ransom demand for the most valuable of NVIDIA's data:
the company's source code and trade secrets.

"We decided to help mining and gaming community," reads a message on
Telegram attributed to Lapsus$ members. "We want nvidia to push an update
for all 30 series firmware that remove every lhr limitations otherwise we
will leak hw folder. If they remove the lhr we will forget about hw folder
(it's a big folder). We both know lhr impact mining and gaming."

In early 2021, amid a graphics card shortage due to an uptick in
cryptocurrency mining, NVIDIA adopted a new feature called Lite Hash Rate
(LHR). LHR was designed specifically to limit Ethereum mining so that more
graphics cards would be available for their intended purposes, like gaming.

LHR seems to have angered these hackers and the result is the ultimatum.
Either NVIDIA removes LHR or, according to Lapsus$, they will "release the
entire silicon chip files so that everyone not only knows your driver's
secrets, but also your most closely-guarded trade secrets for graphics and
computer chipsets too!"

NVIDIA released the following public statement on the matter:

On February 23, 2022, NVIDIA became aware of a cybersecurity incident which
impacted IT resources. Shortly after discovering the incident, we further
hardened our network, engaged cybersecurity incident response experts, and
notified law enforcement.

We have no evidence of ransomware being deployed on the NVIDIA environment
or that this is related to the Russia-Ukraine conflict. However, we are
aware that the threat actor took employee credentials and some NVIDIA
proprietary information from our systems and has begun leaking it online.
Our team is working to analyze that information. We do not anticipate any
disruption to our business or our ability to serve our customers as a
result of the incident.

Security is a continuous process that we take very seriously at NVIDIA–and
we invest in the protection and quality of our code and products daily.

The ransomware group has given NVIDIA until Friday to make its decision.