Nvidia Cyber Attack – No one is safe in this digital world. From multinational companies to ordinary users, anyone can be the victim of a cyber attack.
NVIDIA recently confirmed reports of a cyberattack on the chipmaker. A ransomware group had claimed that it had the chipmaker’s corporate network on its radar and that it had also stolen some proprietary data.
In late February 2022, NVIDIA confirmed the claims and issued a statement regarding the attack. In its statement, the company said it had suffered a cyberattack a few days earlier. Even though the company was under attack, its normal operations and activity were not impacted in any way.
What did hackers steal in the NVIDIA cyber attack?
According to the company’s statement, NVIDIA became aware on the 23rd of February 2022 that it was under a cyberattack, which impacted a few resources. Soon after learning of the incident, the company responded and further hardened its network.
The company also informed law enforcement about the attack. Initially, the company did not know the reasons for the attack, and it first linked it with the Russia-Ukraine conflict.
But now the company has reasons to conclude that the ransomware group took employee credentials and some NVIDIA proprietary information. The hackers are also leaking credentials and proprietary information online.
In a statement, the company said that it is analyzing the leaked information and that its business and its ability to serve customers are working smoothly.
Initially, NVIDIA did not confirm any cyberattack on its servers, but a report later published in the Telegraph claimed that a cyberattack had disrupted some operations for two days.
NVIDIA took more than a week to confirm the reports, and now the leaked information is out in public.
What are the demands of hackers?
Soon after NVIDIA confirmed the cyber attack on its servers, the group that stole the data announced publicly that it had roughly one terabyte of data, including details about the development of upcoming product releases.
The hacker group has a few demands in exchange for not releasing the data to the public. The group wants NVIDIA to remove the Lite Hash Rate (LHR) limiter, a firmware modification that throttles the GPU’s ability to perform the calculations.
That performance throttle exists only to limit cryptocurrency miners; it was introduced to discourage miners from stockpiling graphics cards in the event of a GPU shortage.
The hackers have begun leaking some information to the public to pressure the company into fulfilling their demands.
Why did hackers attack NVIDIA?
For more than a week, NVIDIA neither confirmed nor denied the claims of a cyber attack on the company’s servers. But now the company has confirmed all the claims of a cyber attack and stolen data.
In exchange for not releasing the data in public, the hacker group has a few demands, such as removing the Lite Hash Rate limiter from all NVIDIA GPUs.
In the new NVIDIA 30 series, the company has used a firmware modification that throttles the GPU’s ability to perform the calculations. This firmware modification does not hurt gamers or regular users, but cryptocurrency miners are struggling a lot because of it.
In its demands, the hacker group has said clearly that it wants the company to remove the firmware modification and allow all GPUs to calculate as much data as possible, even for crypto miners.
What will Nvidia do after the cyber attack?
NVIDIA is a digital company with considerable resources. One thing is sure: it is not going to let this pass silently. NVIDIA will retaliate, and according to the statement issued by the ransomware group, the company tried to strike back.
In its statement, the ransomware group claimed that NVIDIA, or someone acting on behalf of the company, had used remote administration tools to track down the group’s system.
The group claimed that the system used by the ransomware gang was infected with a different piece of ransomware as an act of revenge. In the statement, the group said the infected server was a virtual machine and that it had already backed up all the data.
The company did not comment on the allegations. Cyber experts believe NVIDIA surely did something to get that data back, though not as an act of revenge. They consider it a normal process: every company tries to get its data back as soon as it realizes it is under cyber attack.
Impacts of NVIDIA cyber attack on you
NVIDIA has a huge fan base around the world. Millions of people use NVIDIA graphics units, and cyber experts believe that the NVIDIA cyber attack might also impact regular users.
Many malware tracking sites have reported that malware is spreading across the Internet and trying to infect as many computers as possible.
It affects systems that still rely on the NVIDIA code-signing certificates to verify drivers when they are installed, especially computers running Windows operating systems.
The malware uses two certificates to spread. Both certificates were issued by VeriSign to Nvidia Corp. Both have already expired, one in 2014 and the other in 2018.
Windows operating systems still accept them as a legitimate driver signer even though they expired long ago. The suspicious package also contains Mimikatz, a program that hackers use to extract passwords, PINs, and other sensitive information from the memory of a computer.
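An added audit example, not from the original article or from NVIDIA or Microsoft: this PowerShell function lists driver and binary files whose Authenticode signer is an NVIDIA certificate that expired in 2014 or 2018, the two expiry years given above. The function name, the default scan path and the subject match string are assumptions; a hit is a lead to review, since old legitimate drivers can carry the same signer.

```powershell
# Added example (not from the article). Assumptions: function name, default
# scan path, and matching the signer by the string "NVIDIA" in its subject.
function Find-ExpiredNvidiaSignedFile {
    [CmdletBinding()]
    param(
        # Directories to scan; the Windows driver directory is an assumed default.
        [string[]]$Path = @("$env:SystemRoot\System32\drivers"),
        # Expiry years of the two certificates, as stated in the article.
        [int[]]$ExpiryYears = @(2014, 2018),
        # Assumed substring of the signer certificate subject.
        [string]$SubjectMatch = 'NVIDIA'
    )

    Get-ChildItem -Path $Path -Recurse -File -Include *.sys, *.dll, *.exe -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
            $cert = $sig.SignerCertificate

            # Skip unsigned files and files signed by anyone else.
            if ($null -eq $cert) { return }
            if ($cert.Subject -notmatch [regex]::Escape($SubjectMatch)) { return }

            # Keep only signers whose certificate expired in the years of interest.
            if ($ExpiryYears -notcontains $cert.NotAfter.Year) { return }

            [pscustomobject]@{
                File        = $_.FullName
                Status      = $sig.Status           # Windows' own verdict on the signature
                Subject     = $cert.Subject
                Issuer      = $cert.Issuer          # the article names VeriSign as issuer
                Thumbprint  = $cert.Thumbprint      # compare against published indicators
                NotAfter    = $cert.NotAfter
                # A countersigned timestamp shows when the file was signed; its
                # absence on a file signed by an expired certificate needs review.
                Timestamped = ($null -ne $sig.TimeStamperCertificate)
                SHA256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Review the findings before writing any block rule.
Find-ExpiredNvidiaSignedFile | Format-List
```

The thumbprints and file hashes it reports are the values to check against a vendor or malware-tracker advisory before any certificate is denied in an application control policy.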
How can you save yourself after an NVIDIA cyber attack?
At first, everyone thought only NVIDIA was under attack and that general operations were working fine at the company. Now many malware tracking sites have confirmed that many users are also under attack, and that the same ransomware group is using malware to install malicious certificates in Windows operating systems using NVIDIA services.
Those malicious certificates also contain malware that the hackers use to extract passwords, PINs, and other sensitive information from the memory of a computer.
Until the situation becomes clear, you can either call an IT professional or find a way to block those specific certificates from being installed on your operating system.
If you are doing everything on your own, such as blocking those malicious certificates, be aware that if you install bad software that blocks important and completely legal drivers, your computer might start behaving oddly.
According to cyber experts, you can use Windows Defender Application Control policies to control which NVIDIA drivers can be loaded on your computer and which cannot.
It is an advanced configuration process, and you should be aware that if you block the wrong certificates, you might be in trouble for some time.
Apart from that, many cyber experts believe Microsoft will release a new update that includes all the configuration needed to block those malicious certificates, but it might take some time.
After a week of rumors claiming that NVIDIA had been under cyber attack a few days earlier, the company accepted all the claims and told users that it had been attacked and that some sensitive information was out.
The ransomware group demands that NVIDIA remove all the performance throttles that restrict the computing power of a GPU when it comes to crypto mining. With its latest 30 series, NVIDIA announced a new firmware update that can restrict the computing power of a GPU during crypto mining.
NVIDIA has retaliated and tried to get the data back by using some ransomware. Apart from that, the company has also lodged a complaint and informed the authorities about the data breach.
Now the ransomware group is using that data to hack general computers by installing malware in the form of a driver signed by NVIDIA. As a user, you can use Windows Defender to block the certificates and drivers you don’t want on your computer.
Experts believe Microsoft will come out with a new update with a certificate blocker for Windows 10 and 11, but it will take time. Until then, you should protect yourself on your own.