Statement by Nvidia
While it’s unclear if any of Nvidia’s data was stolen or deleted, Bloomberg reports that the company faced a “minor ransomware attack.” Initial reports said that the company’s email network was knocked offline, but services seem to have resumed. Hector Martinez, an Nvidia spokesperson issued the following statement: “We are investigating an incident. Our business and commercial activities continue uninterrupted. We are still working to evaluate the nature and scope of the event and don’t have any additional information to share at this time.” The incident also forced Nvidia to delay a minor announcement scheduled for Thursday, Feb. 24.
Lapsus$ Group Possibly behind the Attack
The Lapsus$ ransomware group, which orchestrated the ransomware attack against Portuguese media houses in January, has claimed responsibility for the attack. The group claims it has already leaked credentials of Nvidia employees, and has threatened to release a further 1TB of stolen data. Lapsus$ also said it had information on software and firmware data for Nvidia’s Lite Hash Rate mining performance limiter. If true, this data could be very useful to cryptocurrency miners, as “every Nvidia 3000-series card ranging from the RTX 3060 through the RTX 3090 could be again turned into a 100% mining performance powerhouse.” Twitter user, Soufiane Tahiri, has provided more details of how the group managed to hack Nvidia’s systems. In a surprising turn of events, it seems Nvidia retaliated against Lapsus$ with a cyberattack of its own. Apparently, Nvidia gained access to a virtual machine used by Lapsus$ and encrypted the data stored on it. Lapsus$ says it still has a backup of the stolen data and is threatening to leak it. However, there is at least some suspicion over the accuracy of the group’s claims. This is primarily because Nvidia’s continued silence and reverse-hack are a very unusual response in such a situation.
No Signs the Attack Linked to Russia’s Invasion of Ukraine
Several media outlets also said there are no signs that the attacks have ties to Russia’s invasion of Ukraine. It is worth noting that Russia has not held back from deploying its cyber weaponry thus far. Moscow has already hit several Ukrainian government websites, and even warned other countries to refrain from interfering in the matter. Any potential cyberattack from Russia against an American company could lead to retaliatory action. Last week, U.S. President Joe Biden said, “If Russia pursues cyberattacks against our companies, our critical infrastructure, we’re prepared to respond.” If you found this story interesting, check out our article on ransomware. It also contains useful tips on how you can protect yourself and your IT network from ransomware attacks.