Gigabyte has allegedly suffered a serious ransomware attack by AvosLocker. The cybercriminal group has threatened to leak data from Gigabyte’s network if the company declines to negotiate. The stolen data contains sensitive information such as passwords and candidate resume. Such a leak of confidential data will result in serious consequences for a company, nonetheless, Gigabyte is yet to give a response to the attack.
The breach occurred on Oct 20, 2021, AvosLocker had posted a press release on their onion site stating they had stolen files from the company’s site. The threat group intends to release the files if Gigabyte doesn’t reach out to negotiate a ransom.
"Gigabyte INC suffered a breach, and this is a sample of the files we’ve downloaded from their network. Barracuda NDA + full dir list leaked in the sample. If they refuse to negotiate, we will leak all the data we’ve got. Attached are some of the documents that were exfiltrated.” said AvosLocker.
An independent researcher at Privacy Sharks confirmed the contents of the sample file released by AvosLocker. The file leaked on the data site was called ‘proof.zip’ and is 14.9MB in size.
• Potential credit card details. Fortunately, if these files contain credit card information, the credit cards may be expired as this folder is from 2014. • Password and username details. • Employee payroll details. • HR agreements with consultants as well as full names, images, and CVs. • 10 PDF documents in a file named ‘Passports.’ • Information on over 1,500 job candidates, including full names, CVs, resumes, and applications. There are also Zoom internet details with what appears to be personal information on each candidate. • A folder named ‘Mailchimp’ containing GSM Account Database information. This could include email addresses. • A zip folder containing an NDA and information of a deal with Barracuda Networks worth $100,000+ • In addition to Barracuda Networks, the leak includes various data from the following well-known companies: Blizzard, Black Magic, Intel, Kingston, Amazon, BestBuy. • A .txt file named ‘Tree’ containing 133,352 lines of folder and file names was stolen in the breach. • Business expenses from trips such as ‘Hawaii 2019’, including money spent on Luau drinks, uber trips, and tips. • Images from company events, including Christmas parties, Halloween parties, and ‘Tony’s Birthday.’
As per GDPR law, it requires companies to delete data after the hiring process is over to prevent it from falling into the wrong hands, in this scenario, AvosLocker.
However, from the contents of the file which included data of 1,500 job candidates with CVs and resumes, we can say that the company failed to do so. The file also exposed a signed NDA between Gigabyte and Barracuda Networks which can be very damaging for future financial negotiations of a company.