A ransomware group by the name of Lapsus$ is claiming that NVIDIA has hacked its systems in retaliation for a recent cyber attack on the chipmaker. It was reported on February 25 that NVIDIA’s internal systems had been “completely compromised.” At the time, it was believed that the attack might have been a result of Russian cyber warfare. Now it appears that a known ransomware group, who is believed to be based somewhere in South America, is claiming responsibility for the attack, and it has, in turn, become victims themselves.
Lapsus$ members say they awoke after the attack on NVIDIA to find their systems were being encrypted.
The group has also claimed it had already backed up the files, so the attack is all for naught, despite its own systems having been encrypted. Some of the data had already been released on the internet prior to the attack, but the group has stated that it is not sure how the rest of it will be released.
“We are not sure how we will leak the data yet. We think it will be in 5 different releases, it’s very large, almost 1TB.”
[ALERT] LAPSUS ransomware gang leaked the credentials of NVIDIA employees. And announced that it would soon release 1TB of stolen data. pic.twitter.com/0WVb7G88So— DarkTracer : DarkWeb Criminal Intelligence (@darktracer_int) February 26, 2022
Employee passwords and hashes have surfaced, and there’s some speculation that NVIDIA may have had some sort of countermeasure planted in the stolen data.
1tb of Canaries.. Well I don’t really believe it. Some screenshots of source code start popping pic.twitter.com/J4GP78BAtd— Soufiane Tahiri (@S0ufi4n3) February 26, 2022
The group has gone on to explain the process by which it obtained the stolen data. It turns out those means may have actually been the method that led to its systems being compromised. CNN has reported that mobile device management software was claimed to have been used in both attacks.
Lapsus$ said on Telegram that accessing the VPN of Nvidia employees requires a PC to be enrolled in mobile device management (MDM), according to screenshots posted to Twitter. For this reason, Nvidia was able to connect to a virtual machine that Lapsus$ uses, according to the ransomware operator. – Michael Novinson (CNN)
NVIDIA has not claimed any responsibility for the attack on Lapsus$, nor is it currently known if it intends to pay the group either.