Nvidia Vs Lapsus$ A Case of Hacking and Counter Hacking. Lapsus$ claims to still have a copy of the stolen data.
Ransomware has become a lucrative opportunity for hackers looking around for easy money. Since December last year, a seemingly new group has emerged whose objectives appear hazy. In just a few months, the hackers have recorded successes against a string of high profile companies like Microsoft, Nvidia, Samsung, Vodaphone and Ubisoft. The group likes itself to be known as Lapsus$.
Nvidia is a multi-billion dollar chip manufacturing company known for its GPUs which enhance gaming experience computer simulations. Its net worth, according to Reuters, is over $600 b.
Lapsus$ turned up under the prying eyes of investigators when they claimed to have attacked Brazil’s health ministry early last December. The data pertaining to national immunization program went into the control of the group and Lapsus$ was able to demand a hefty ransom to return as much as 1TB of data. Ministry officials, however, employed the services of cyber security experts and retrieved the data and revamped the entire system. The ransom amount was denied.
A couple of months later, Lapsus$ chose to attack chip maker giant, Nvidia. On February 23, the company confirmed that a cyber incident has taken place and that some data relating to proprietary information and employee login has been compromised. The hacker’s group started sharing the data openly as the news of breach began to spread. A large cache of 20gb, out of the stolen 1tb, was released online Shortly after learning about the incident, Nvidia promptly took steps to further strengthen their security protocols.
In addition, the company engaged cyber security response experts and informed law enforcement agencies to contain the loss and redress bruised reputation. In a communiqué to Bleeping Computer, Nvidia stated, “We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information. “We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident…Security is a continuous process that we take very seriously at NVIDIA—and we invest in the protection and quality of our code and products daily.”
Four of the researchers investigating the Lapsus$ activity have traced the attacks to a sixteen year old hacker who lives in Oxford with his mother. They believe the teenager is the mastermind behind the attacks.
Another teenager, living in Brazil, is also believed be to be a member of the gang. And there might be several more because at least seven accounts have been discovered that can be tied to Lapsus$ activity. The Brazilian teen is blazing fast because the researchers tracking Lapsus$ activity were initially inclined to believe that it was automated.
Although money is a central motive of all ransomware groups, the methods employed by Lapsus$ do not support the idea that it is only money they are after. Researchers believe that notoriety is the other urge that drives this particular breed of hackers. One thing is clear, however. The teenagers are clever. They do not leave behind any evidence that would conclusively link them to the activity.
In retaliation Nvidia struck back to retrieve the lost or stolen data. The cybersecurity response team assigned the task to handle the breach, accessed the group’s system through virtual machine left behind by Lapsus$ hackers in the device management program. Nvidia experts encrypted the stolen data and cut off Lapsus$ link to Nvidia’s network. But Lapsus$ seemed to have another bow to their arsenal when they claimed that they possess copies of the stolen data.
The battle is showing no signs that it will end anytime soon.
