A ransomware group that hacked graphics card maker NVIDIA has a very specific demand. We will release your stolen, private data if your NVIDIA graphics card mines cryptocurrency faster.
The hackers, known as Lapsus$, say that they have stolen over 1TB of data after hacking into Nvidia’s private network. The data includes email addresses and login credentials for more than 71,000 of NVIDIA’s employees. Some of this private data has already been released by the hackers.
But Lapsus$ is demanding a ransom for NVIDIA’s most valuable data: its source code and trade secrets.
“We decided to help mining and gaming communities,” reads a message on Telegram attributed to Lapsus$ members. We want nvidia to push an update for all 30 series firmware that removes all lhr limitations, otherwise we will leak the hardware folder (it’s a large folder). We both know lhr impacts mining and gaming.”
As cryptocurrency mining grew in popularity in early 2021, NVIDIA introduced a new feature called Lite Hash Rate (LHR). LHR was designed specifically to limit Ethereum mining to make more graphics cards available for its intended purposes, like gaming.
This ultimatum appears to be the result of LHR’s angering these hackers. NVIDIA is either going to remove LHR or, says Lapsus$, they will “release the entire silicon chip files so that everyone knows not only your driver secrets, but also your most closely-guarded trade secrets related to graphics and computer chipsets as well!”
NVIDIA released the following public statement on the matter:
NVIDIA became aware of a cybersecurity incident that affected IT resources on February 23, 2022. After discovering the incident, we hardened our network further, engaged cyber incident response experts, and notified law enforcement.
NVIDIA has until Friday to make its decision regarding the ransomware group.