The data extortionists who stole up to 1 Terabyte of data from Nvidia have delivered one of the most unusual ultimatums ever in the annals of cybercrime: allow the company's graphics cards to mine cryptocurrencies faster or face the imminent release of the company's crown-jewel source.
A group calling itself Lapsus$ first claimed last week that it had stolen more than one ton of data from a corporate network. The group claims that the source code for drivers and firmware were included in the theft. Lapsus$, a relative newcomer to the ransomware scene, has already published one piece of leaked files, which included the usernames and passwords for 71,335 employees of a chipmaker.
The group demanded that the feature known as LHR be removed, or that more data be leaked.
Lapsus$ members wrote in broken English that they decided to help mining and gaming. We will forget about the big folder if they remove the lhr. We both know about impact mining and gaming.
LHR was introduced in February of 2021. The company brought LHR to its graphics cards three months later. To make the cards less desirable to people mining cryptocurrencies. The soaring prices of cryptocurrencies have created enormous demand for the cards because they are generally much faster and more efficient in performing the intensive computations required during the mining process.
The demand has led to a shortage that has often made GPUs virtually impossible for gaming enthusiasts to buy.LHR looks for specific attributes of the mining method. When one of those attributes is found, LHR limits the hash rate, which dictates mining efficiency.
AdvertisementLapsus$ changed its demand on Tuesday. The group wants the company to make its drivers open source. The company can expect to see a new leak if the company doesn't comply, Lapsus$ says. Group members wrote in a dispatch.
So, NVIDIA, the choice is yours! Either:
–Officially make current and all future drivers for all cards open source, while keeping the Verilog and chipset trade secrets... well, secret
OR
–Not make the drivers open source, making us release the entire silicon chip files so that everyone not only knows your driver's secrets, but also your most closely-guarded trade secrets for graphics and computer chipsets too!
YOU HAVE UNTIL FRIDAY, YOU DECIDE!
The officials wouldn't say if they would comply with the demand. They referred to a statement that was published on Tuesday.
On February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.
We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.
Security is a continuous process that we take very seriously at NVIDIA–and we invest in the protection and quality of our code and products daily.
The company did not say if it has mandated password changes for employee accounts. The Have I Been Pwned service allows people to enter an email address to find out if they have been included in a data leak. A check of email addresses showed that all four of them were included in the Lapsus$ dump.