Nvidia acknowledges that trade secrets and personal data have been stolen by ransomware group Lapsus$. According to Nvidia, ransomware is not involved. The organization refuses to cooperate with the cybercriminals’ demands.
Ransomware group Lapsus$ claims to possess over 1TB of private Nvidia data. According to the ransomware group, SDKs, documentation, security data, firmware and drivers were captured.
Lapsus$ is threatening to sell the data. The ransomware group claims that the information allows security holes in Nvidia products to be found and exploited. Lapsus$ says it is willing to abort its plan if Nvidia modifies its products. The ransomware group demands that Nvidia remove the Lite Hash Rate restriction from GPUs.
GPUs with high Lite Hash Rates (LHRs) are suitable for mining Ethereum, a cryptocurrency. The stock of Nvidia GPUs with high LHRs is regularly exhausted by cryptominers. As a result, Nvidia is unable to supply enough GPUs to consumers. The organization limits the LHRs of GPUs to discourage cryptominers from buying out stock.
Nvidia isn’t cooperating
Lapsus$ hopes to pressure Nvidia into removing the LHR restriction under the threat of a data breach. Today, Nvidia informed a German news site (hardwareLUXX) that the demand will not be met. Although the organization confirms that Lapsus$ has personal data and trade secrets in its hands, “there’s no evidence of ransomware involved”. Nvidia states that its security team are currently analyzing the incident. The organization does not expect an impact on customers.