Nvidia in recent days launched a retaliatory attack against the Lapsus$ ransomware gang to prevent the publication of the chipmaker’s stolen data, the ransomware group claimed.
“ALL PEOPLE!!! NVIDIA ARE CRIMINALS!!!!!!!! A FEW DAYS AGO AN ATTACK ON NVIDIA AND STEAL 1TB OF CONFIDENTIAL DATA!!!!!! (sic),” the Lapsus$ operator posted on his public Telegram channel. “Today I woke up and found that NVIDIA SCUM attacked THE MACHINE WITH A RANSOMWARE…….”
Screenshots of the publicly available Lapsus$ Telegram channel have been shared on Twitter by several security researchers, including Brett Callow, threat analyst at Emsisoft, and cybersecurity enthusiast Soufiane Tahiri. It’s unclear exactly when these messages were posted, and Lapsus$’s Telegram channel was unreachable on Saturday afternoon due to the alleged posting of pornographic content, Callow told CRN.
Nvidia did not immediately respond to a request for comment from CRN on Saturday, but said Friday: “We are investigating an incident. Our business and commercial activities continue uninterrupted. We are still working to assess the nature and scope of the incident.”
Lapsus$ said on Telegram that Nvidia employee VPN access requires a PC to be enrolled in mobile device management (MDM), according to screenshots posted on Twitter. Because of this, Nvidia was able to connect to a virtual machine used by Lapsus$, according to the ransomware operator.
Nvidia managed to encrypt Lapsus$’s data, but the ransomware group said it had a backup, which means its data was “safe from scum!!!” Lapsus$ claimed that it was not hacked by a competing ransomware group.
“LUCKY IT HAD A BACKUP BUT WHY THEY THINK THEY CAN LOG INTO THE PRIVATE MACHINE AND INSTALL RANSOMWARE!!!!!!!!!!!” Lapsus$ posted on Telegram.
Hacking back is not common but has certainly happened before, Callow told CRN. According to Callow, dropping ransomware on an attacker’s network can prevent the ransomware group from disclosing the victim data it exfiltrated.
Before being hacked themselves, the Lapsus$ ransomware group leaked the credentials of Nvidia employees and said they would soon release a terabyte of stolen data, according to screenshots shared on Twitter by cybersecurity monitoring group DarkTracer. Lapsus$ claimed to have shared the password hashes of all Nvidia employees and said it would soon release data on RTX GPUs.
“We don’t know yet how we will release the data,” Lapsus$ wrote on Telegram, according to screenshots shared early Saturday morning by DarkTracer. “We think it will be in 5 different versions, it’s very big [sic].”
Lapsus$ said it would ensure that Nvidia’s data would not be leaked if the company contacted the ransomware group via email and paid an unspecified fee. Lapsus$ said it expects first contact from Nvidia on or before Friday, according to screenshots shared by DarkTracer.
The Lapsus$ ransomware gang is relatively new, but last month the websites of one of Portugal’s largest newspapers and a major broadcaster were taken offline, according to The National. Both the newspaper and the broadcaster are owned by Portugal’s largest media conglomerate, Impresa, according to The National.
In December 2021, Lapsus$ allegedly hacked the Brazilian Ministry of Health website and took down several systems, including one containing information about the national vaccination program and another used to issue digital vaccination certificates, according to The National.
It’s unclear where Lapsus$ is based or if they have ties to other ransomware gangs, Callow told CRN, adding that there was nothing particularly unusual about the group.