Many ransomware attacks are opportunistic: the perpetrator targets the victim for no better reason than having spotted a vulnerability and the prospect of making some money in return for releasing the stolen resources. In the case of the tech giant NVIDIA, however, the cybercriminals had a specific reason to attack the business and made a series of demands that did not directly request payment.
This case study shows why companies need to be alert to attacks from multiple sources and for an array of reasons. It also shows how failing to prevent cybercrime can lead to competitors learning business-sensitive information.
The background
NVIDIA has confirmed that it became aware of the breach on February 23rd, 2022. It found that a ransomware group called LAPSUS$ had stolen one terabyte of data. This included login details of more than 71,000 of its employees, sensitive details on the designs of some of the company’s graphics cards, and source code for an AI rendering system.
The criminal group, thought to be based in South America, threatened to leak the data online unless NVIDIA removed a limiter it had placed on its graphics cards to slow performance when they detected that the user was mining cryptocurrency. In addition, LAPSUS$ demanded that the tech firm make the drivers for its graphics chips open source.
Data obtained illegally from NVIDIA’s systems included secret technical information about both current and future products, as well as details of revisions the company was making.
The response
Once NVIDIA became aware of the breach, it reported:
“We hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.”
At first, the company’s concern was that the group had implanted malware in one of its software updates in a way that could have affected millions of customers worldwide. However, it found that the attackers were only leaking the information.
Within days of the attack, nearly a fifth of the 71,000 usernames and passwords had appeared online. NVIDIA demanded all users change their credentials with immediate effect.
But LAPSUS$ claimed that NVIDIA had taken an additional and unexpected step.
Revenge hack?
In a twist to the tale, the hacking group claimed that NVIDIA had not only refused their demands but had attempted to hack the hackers! There was some question over whether the company had sought to encrypt the hackers’ virtual machine or infect them with malware.
A source close to the tech firm told Wired it was unlikely to have occurred in that manner and, in fact, it is illegal under US law to hack back at these groups. Later, LAPSUS$ changed its story to a more vague “NVIDIA tried but failed, we have all the data”.
The Lesson
The lessons from the case are many. Even tech companies can suffer breaches, and they may be targeted for technical reasons rather than immediate financial gain. For employees, regularly changing passwords is important, especially if the attack goes undetected for a number of days. And the earlier you can detect a cyber attack, the quicker you can contain and eradicate it.
How Vaultry Can Help
Vaultry monitors all devices on your network to spot any programs that shouldn’t be there. From freemium apps to cracked software, you receive an alert and can remove the offending program before it causes a problem. Get started with Vaultry today to find out how it can help you protect your organization.