Here’s something you don’t see every day: A ransomware group that hacked graphics card maker NVIDIA has a very specific demand. Make NVIDIA graphics cards mine cryptocurrency faster or we will release your stolen, private data.
The hackers, known as Lapsus$, say that they have stolen over 1TB of data after hacking into NVIDIA’s private network. The data includes email addresses and login credentials for more than 71,000 of NVIDIA’s employees. Some of this private data has already been released by the hackers.
However, Lapsus$ is issuing a ransom for the most valuable of NVIDIA’s data: the company’s source code and trade secrets.
“We decided to help mining and gaming community,” reads a message on Telegram attributed to Lapsus$ members. “We want nvidia to push an update for all 30 series firmware that remove every lhr limitations otherwise we will leak hw folder. If they remove the lhr we will forget about hw folder (it’s a big folder). We both know lhr impact mining and gaming.”
In early 2021, amid a graphics card shortage due to an uptick in cryptocurrency mining, NVIDIA adopted a new feature called Lite Hash Rate (LHR). LHR was designed specifically to limit Ethereum mining so that more graphics cards would be available for their intended purposes, like gaming.
LHR seems to have angered these hackers and the result is the ultimatum. Either NVIDIA removes LHR or, according to Lapsus$, they will “release the entire silicon chip files so that everyone not only knows your driver’s secrets, but also your most closely-guarded trade secrets for graphics and computer chipsets too!”
NVIDIA released the following public statement on the matter:
On February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.
We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA…