A data extortion group has claimed responsibility for NVIDIA's two-day outage last week.
LAPSU$, the data extortion group in question, recently revealed they stole 1TB of data consisting of "stuff, schematics, driver, and firmware" from the U.S. chipmaker, per a Bleeping Computer article.
The group says it is prepared to sell the stolen data, including a procedure to remove the Ethereum mining limiter NVIDIA placed on the GeForce RTX 30 Series if the company does not pay the ransom demand.
LAPSU$'s Messages and Threats
According to the group's messages, they were in NVIDIA's systems for a week. During such time, they "fastly escalated to admin of a lot of systems."
It was in this same message where they revealed they were able to acquire data they described as most important.
They also mentioned that NVIDIA fought back by encrypting a machine the hackers were using to retrieve data from the company but failed due to LAPSUS$ already having all the data the group needed, per a PC Mag article.
In another message, the group said it "decided to help [the] mining and gaming community" by ordering NVIDIA to push an update for all GeForce RTX 30 Series Firmware, removing the limitations NVIDIA placed.
Should NVIDIA ignore the group's demand, they will leak a folder containing instructions on how to remove it.
Read More: How Attack Surface Management Software Projects Against the 4 Major Cybercrime Pathways
"If they remove the LHR, we will forget about [the] hw folder," the group said, adding that they know about the impact of LHR on mining and gaming
The LHR, or "Lite Hash Rate," is NVIDIA's identifier for GeForce RTX 30 Series GPUs that have a limited Ethereum hash rate. This limiter and identifier is part of the company's effort to help gamers get their hands on the GPUs, per NVIDIA's blog post on the matter.
The data extortion group also mentioned that they have documentation, company private tools, SDKs, and data regarding NVIDIA's proprietary control processor, Falcon.
LAPSUS$ Posts Link to NVIDIA's Data
LAPSUS$ finally posted a link to the first part of NVIDIA's data. According to the group's message, the leak, which is around 20GB, contains the source code and highly confidential data from various parts of NVIDIA's GPU driver. It also includes other information, such as data about Falcon and the LHR.
NVIDIA filed an abuse report to prevent the leak, but LAPSUS$ switched to using torrents to share the information, stating they would not re-upload the file.
The leaked information was reported to be sufficient enough for a good developer to create a bypass for NVIDIA's LHR.
NVIDIA's Reponse
LAPSU$ extortion group, a group operating out of South America, claim to have breached NVIDIA and exfiltrated over 1TB of proprietary data.
LAPSU$ claims NVIDIA performed a hack back and states NVIDIA has successful ransomed their machines
Intel and photos courtesy of @S0ufi4n3 pic.twitter.com/fXcTNqgIpW— vx-underground (@vxunderground) February 26, 2022
NVIDIA did not immediately respond to inquiries about LAPSU$'s messages but gave a statement saying that they are "investigating an incident," and its business and commercial activities continue uninterrupted.
The company also added that it is evaluating the nature and scope of the event and has not any new information to share at the time of the statement's release.
This was also the same response NVIDIA released last week when the two-day outage was fresh on everyone's minds.
However, PC Gamer reports that NVIDIA counter-hacked LAPSU$ with ransomware in retaliation of their hack last week. Whether NVIDIA's hack is successful or not remains to be seen, but we should be getting an update from NVIDIA in the coming days.
Related article: NVIDIA Cyberattack Leads to Outages! Email, Developer Tools Compromised?
