Here’s something you don’t see every day: A ransomware group that hacked graphics card maker NVIDIA has a very specific demand. Make NVIDIA graphics cards mine cryptocurrency faster or we will release your stolen, private data.
The hackers, known as Lapsus$, say that they have stolen over 1TB of data after hacking into NVIDIA’s private network. The data includes email addresses and login credentials for more than 71,000 of NVIDIA’s employees. Some of this private data has already been released by the hackers.
However, Lapsus$ is issuing a ransom for the most valuable of NVIDIA’s data: the company’s source code and trade secrets.
“We decided to help mining and gaming community,” reads a message on Telegram attributed to Lapsus$ members. “We want nvidia to push an update for all 30 series firmware that remove every lhr limitations otherwise we will leak hw folder. If they remove the lhr we will forget about hw folder (it’s a big folder). We both know lhr impact mining and gaming.”
In early 2021, amid a graphics card shortage due to an uptick in cryptocurrency mining, NVIDIA adopted a new feature called Lite Hash Rate (LHR). LHR was designed specifically to limit Ethereum mining so that more graphics cards would be available for their intended purposes, like gaming.
LHR seems to have angered these hackers and the result is the ultimatum. Either NVIDIA removes LHR or, according to Lapsus$, they will “release the entire silicon chip files so that everyone not only knows your driver’s secrets, but also your most closely-guarded trade secrets for graphics and computer chipsets too!”
NVIDIA released the following public statement on the matter:
On February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.
We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.
Security is a continuous process that we take very seriously at NVIDIA–and we invest in the protection and quality of our code and products daily.
The ransomware group has given NVIDIA until Friday to make its decision.
UPDATE: Mar. 4, 2022, 3:00 p.m. EST An earlier version of this piece misspelled NVIDIA.