Nvidia should remove all mining brakes in its graphics card drivers by Friday and publish the drivers as open source. Otherwise, the hackers put all the captured data on the web.
Enlarge
Nvidia: Hackers set an ultimatum until Friday – or all graphics card data will be leaked
© Michael Vi/Shutterstock.com
An “incident” became a cyber attack: Nvidia has now confirmed that hackers were able to penetrate the graphics card manufacturer’s systems. The attackers were able to steal protected data, as the US IT security news site Bleeping Computer writes. In addition, the attackers got their hands on the login data of employees.
A few days ago, reports of a security incident at Nvidia made the rounds: Nvidia was probably the target of a ransomware attack. Lapsus$, a hacking group specializing in blackmail with stolen data, later claimed responsibility for the attack and published details about it. The attackers claimed to have stolen a terabyte of data from the Nvidia servers. This includes a lot of access data from Nvidia employees, but above all internal technical data for all current graphics cards as well as circuit diagrams, drivers and firmware. According to their own statements, the attackers had access to the Nvidia servers for around a week.
That’s what the hackers want
The attackers are threatening to take further action if Nvidia does not respond to the hackers’ demands. The hackers are not initially demanding a ransom, but instead: Nvidia is to release all of its GPU drivers for Windows, macOS and Linux as open source. The Verge has pictured the ransom note here. The hackers give Nvidia time for this
until this Friday.
If Nvidia does not comply with this requirement by March 4th, 2022, the hackers want to publish all stolen files with all information about the current Nvidia graphics cards and chipsets. Even to upcoming graphics cards. According to the information available to PCmag, the hackers are also said to be demanding that Nvidia removes all mining brakes from its graphics card drivers. In addition, the hackers should then demand money in the form of cryptocurrencies.
That’s what Nvidia says
Nvidia reports that it discovered the attack on February 23, 2022. It was not a ramsomware attack, so no data should have been encrypted for which decryption ransom could be demanded. Instead, according to Nvidia, the attackers simply stole the data. Nvidia would currently analyze the damage. Nvidia emphasizes that it assumes that the cyber attack will not affect its business or customer service.
Nvidia informed the authorities and improved its security measures. Nvidia currently has no evidence that the incident is related to the Ukraine war. However, Nvidia confirms that the attackers have started to spread their stolen data on the Internet.