American multinational technology company Nvidia was reportedly hit by a cyberattack that "completely compromised" its internal systems and resulted in two days of downtime. Initial reports speculated that the hack might have originated from Russia amid ongoing hostility in Ukraine.
More recently, however, South American ransomware group Lapsu$ has claimed responsibility for the attack. The hackers also allege that the microchip company hacked them back, encrypting the stolen data and installing ransomware on their private systems.
Nvidia hacks ransomware group Lapsu$, encrypts stolen data
According to a cyber intelligence source on Twitter, the Lapsu$ hacker group claimed responsibility for the Nvidia hack and said it had exfiltrated more than one terabyte (TB) of company data, including Nvidia employees' passwords and NTLM hashes.
LAPSU$ extortion group, a group operating out of South America, claim to have breached NVIDIA and exfiltrated over 1TB of proprietary data.
— vx-underground (@vxunderground) February 26, 2022
LAPSU$ claims NVIDIA performed a hack back and states NVIDIA has successfully ransomed their machines
Intel and photos courtesy of @S0ufi4n3 pic.twitter.com/fXcTNqgIpW
The hacker group then claimed that Nvidia had launched a counter-attack on its private systems, writing, "Nvidia are criminals. Some days ago, we conducted [an] attack against Nvidia and stole 1TB of confidential data. Today we woke up and found Nvidia scum had attacked our machine with ransomware."
The hackers continued, "Luckily we had a backup, but why the f*ck [did] they think they can (sic) connect to our private machine and install ransomware." In the images provided by infosec enthusiast Soufiane Tahiri, the hackers also showed how their systems reported 100% disk usage, allegedly from Nvidia encrypting their drives.
In case you're wondering how Nvidia breached Lapsu$'s systems, the group claimed, "It's simple. Access to Nvidia employee VPN requires the PC to be enrolled in MDM, [or] Mobile Device Management. With this, they were able to connect to a [virtual machine] we use." So, by the group's own account, enrolling that virtual machine in Nvidia's MDM to reach the employee VPN inadvertently left Nvidia a way back into Lapsu$'s systems.
The ransomware group further claimed that Nvidia "successfully encrypted the data"; however, they noted they "have a backup, and it's safe from scum." Furthermore, Lapsu$ confirmed that they were not hacked by a competitor group or any other party.
It is uncharacteristic for a public company to initiate hacks, counterattacks or otherwise, and it's arguable whether doing so could be an effective deterrent against future cyberattacks.
Despite these musings, there seems to be no connection between the hack and the conflict between Russia and Ukraine. We will endeavour to update you regarding any further developments.