Nvidia, the world’s biggest semiconductor chip company, has confirmed that it has been on the receiving end of a ransomware attack. Among the information stolen, employee credentials and proprietary company information are now being leaked online, according to statements from the company to TechCrunch.

Reports had started to emerge about a possible ransomware attack on the company as early as February 25. The group behind the attack is thought to be ‘Lapsus$,’ which claimed responsibility on its Telegram channel, stating that it has stolen over 1 terabyte of data from Nvidia.

Also read: The future of cybersecurity: How digital attacks are fueling need for network security experts?

The group claims that it has gotten access to proprietary data like source code, including the code for Nvidia’s hash rate limiter, which makes Nvidia’s graphic cards worse for cryptocurrency mining.

Lapsus$ has also hit the Brazilian Ministry of Health, a Portuguese company, and South American corporations Claro and Embratel. The group has claimed that it is not politically affiliated and implied that the hack is not in response to the ongoing Russia-Ukraine conflict, which Nvidia has also corroborated.

Also read: 1 out of 61 organisations hit by ransomware every week: Study

Nvidia hacks back

On realising the attack, Nvidia hired cybersecurity experts and informed law enforcement agencies. But that is perhaps not the only action that the company took.

Nvidia somehow managed to track Lapsus$ members and hack into their systems to install ransomware. Screenshots shared by threat analysts and Vx-underground, an organisation dedicated to collating information about malware, Lapsus$ was successfully targeted by Nvidia.

Also read: 76% Indian companies suffered ransomware attacks in 2021, many paid extortion, finds survey

Lapsus$ called Nvidia “criminals” and “scum” for installing ransomware on their machines. Unfortunately for Nvidia, the tactic did not work as the information was already backed up to other devices. Hacking back hackers is not unheard of as it prevents the leak of confidential information.

LAPSU$ extortion group, a group operating out of South America, claim to have breached NVIDIA and exfiltrated over 1TB of proprietary data.

LAPSU$ claims NVIDIA performed a hack back and states NVIDIA has successful ransomed their machinesIntel and photos courtesy of @S0ufi4n3 pic.twitter.com/fXcTNqgIpW— vx-underground (@vxunderground) February 26, 2022

Lapsus$ demand

Lapsus$ is demanding a fee from Nvidia, as is usually the case in ransomware attacks, to not leak the information online. Perhaps strangely, they have also demanded Nvidia to make its future GPU drivers open source.

#Lapsus want to make #Nvidia Open source lol