
Cyber Incident Victim: Gigabyte

Date: Aug 2021

Location: Taiwan

Summary

A major Taiwanese hardware manufacturer suffered a ransomware attack by the RansomEXX gang, leading to system shutdowns and disruptions to customer support services and websites. The attackers stole 112GB of data and threatened to release it unless a ransom was paid, prompting the company to take affected servers offline and involve law enforcement.

Motives: 1 motive
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 2 actors

Description

In early August 2021, Taiwanese hardware manufacturer Gigabyte Technologies suffered a ransomware attack attributed to the RansomEXX gang. The incident began late on Tuesday, August 3, extending into Wednesday, August 4, when attackers encrypted systems and exfiltrated approximately 112GB of company data. Gigabyte—known for producing motherboards, graphics cards, servers, laptops, and monitors—was forced to shut down portions of its IT infrastructure in Taiwan following the intrusion. The ransomware operators deployed their signature ransom notes across encrypted devices, containing instructions for contacting them via a non-public portal to negotiate payment and test file decryption. The attackers explicitly named Gigabyte in these communications, addressing the company directly through its gigabyte.com domain. By August 6, RansomEXX had created a dedicated leak page threatening to publish the stolen data unless their demands were met, though the specific ransom amount remained undisclosed.


Gigabyte confirmed the cyberattack through statements to media outlets like Taiwan's United Daily News, characterizing it as an incident affecting a limited number of servers. Upon detecting anomalous network activity during the attack window, the company initiated containment measures that included disabling affected IT systems and halting services. This response caused widespread disruptions to customer-facing operations: multiple corporate websites became inaccessible, including segments of Gigabyte's Taiwanese domain and its technical support portal. Customers reported inability to retrieve support documentation or obtain updates on product returns and repairs (RMAs). Gigabyte engaged law enforcement authorities to investigate the breach but did not publicly disclose whether ransom negotiations occurred or whether data restoration relied on backups versus decryption tools. The RansomEXX gang's leak page remained operational as of the initial reporting date, maintaining pressure for payment through the threat of data exposure.
