However, more recently, South American ransomware group Lapsu$ have instead claimed responsibility for the attack. Moreover, the hackers allege that the microchip company hacked them back, encrypting the stolen data and installing ransomware on their private systems.
Nvidia hacks ransomware group Lapsu$, encrypts stolen data
According to a cyber intelligence source on Twitter, the Lapsu$ hacker group claimed responsibility for the Nvidia hack, exfiltrating more than one terabyte (TB) of company data, including Nvidia employees' passwords and NTLM hashes.
LAPSU$ extortion group, a group operating out of South America, claim to have breached NVIDIA and exfiltrated over 1TB of proprietary data.— vx-underground (@vxunderground) February 26, 2022
LAPSU$ claims NVIDIA performed a hack back and states NVIDIA has successful ransomed their machines
Intel and photos courtesy of @S0ufi4n3pic.twitter.com/fXcTNqgIpW
Followingly, the hacker group also claimed that Nvidia launched a counter-attack on its private systems, writing, "Nvidia are criminals. Some days ago, we conducted [an] attack against Nvidia and stole 1TB of confidential data. Today we woke up and found Nvidia scum had attacked our machine with ransomware."
The hackers continued, "Luckily we had a backup, but why the f*ck [did] they think they can (sic) connect to our private machine and install ransomware." In the images provided by infosec enthusiast Soufiane Tahiri, the hackers also showed how their systems reported 100% disk usage, allegedly from Nvidia encrypting their drives.
In case you're wondering how Nvidia breached Lapsu$'s systems, the group claimed, "It's simple. Access to Nvidia employee VPN requires the PC to be enrolled in MDM, [or] Mobile Device Management. With this, they were able to connect to a [virtual machine] we use." So essentially, Lapsu$ inadvertently left a backdoor for Nvidia to counter-hack its systems.
The ransomware group further claimed that the Nvidia "successfully encrypted the data"; however, they noted they "have a backup, and it's safe from scum." Furthermore, Lapsu$ confirmed that they were not hacked by a competitor group or any other sort.
Indeed, it's uncharacteristic for a public company to initiate hackers, be it counterattacks or not; however, it's arguable whether it could be an effective deterrent from future cyberattacks.
Despite these musings, there seems to be no connection between the hack and the conflict between Russia and Ukraine. We will endeavour to update you regarding any further developments.
Featured image courtesy of Unsplash and Nvidia.