Nvidia hackers allegedly attempting to blackmail company into open-sourcing GPU drivers

Unusual demand follows request that hardware firm removes mining hashrate limiters on GPUs

UPDATED Attackers responsible for the recent hack of chipmaker Nvidia have apparently attempted to blackmail the company into open-sourcing its graphics processing unit (GPU) drivers.

According to screenshots circulating on social media, the Lapsus$ ransomware gang that claimed responsibility for the attack is now threatening to leak files related to Nvidia’s GPUs if the company fails to comply with its request.

The gang purportedly set the California-headquartered GPU pioneer a deadline of tomorrow (Friday, March 3) to meet its somewhat unorthodox demands.

This follows its previous reported demand that Nvidia remove mining hashrate limiters on its RTX 3000-series graphics cards.

“Lapsus$’ demands are unusual to say the least,” Emsisoft threat analyst Brett Callow told The Daily Swig. “In fact, I can’t think of another incident in which such odd, non-cash demands have been made.

“They claim to have ‘decided to help mining and gaming community’, and the most obvious conclusion to draw from that would seem to be that they themselves are members of that community. If they can’t squeeze cash out of Nvidia, they want to at least squeeze some extra performance.”

Outages

As previously reported by The Daily Swig, Nvidia’s internal systems were apparently compromised over a two-day period in February, leading to outages of its developer tools and email systems.

However, a spokesperson told us on Monday (February 28) that its “business and commercial activities continue uninterrupted”.

BACKGROUND Cyber-attack on Nvidia linked to Lapsus$ ransomware gang

It has since been widely reported that Nvidia has confirmed that sensitive data was stolen in the attack, including employee credentials and proprietary company information, and that hackers were leaking it online.

However Nvidia has reportedly not specified which data. The Daily Swig has contacted Nvidia for comment and we will update this article if we hear back.

‘Trade secrets’

The supposed ransom demand reads: “We request that NVIDIA commits to COMPLETELY OPEN-SOURCE (and distribute under a foss license) their GPU drivers for Windows, macOS and Linux, from now on and forever.

“If this request is not met, on Friday we will release the COMPLETE SILICON, GRAPHICS AND COMPUTER CHIPSET FILES for all recent NVIDIA GPUs, including the RTX 3090Ti and UPCOMING REVISIONS! Of course, this includes all files with extensions such as .v, .vx, .vg and more.”

Catch up on the latest cyber-attack news and analysis

While generally condemning the hackers’ actions, numerous messages on Reddit suggested that if Nvidia acceded to its demands it would at least result in enhanced Linux support for its drivers.

Data dumps

Lapsus$ actors have already claimed to have leaked password hashes for NVIDIA employees, as well as source code and highly confidential data.

The operators have also accused Nvidia of ‘hacking back’ and encrypting its own data after connecting to the attackers’ virtual machine via mobile device management (MDM). However, the attackers claimed to have all of the data backed up.

The Lapsus$ ransomware gang burst onto the cybercrime scene in December 2021 when it claimed responsibility for successful cyber-attacks on Brazil’s Ministry of Health, and later targeted Portuguese media group Impresa and South American telecommunication providers Claro and Embratel.

“Lapsus$ is a fairly new and supposedly LatAm-based threat group who seem to lack the playbook of predicable strategies used by Russia or CIS-based operations and their opsec may also be lacking,” said Emsisoft’s Brett Callow. “These factors could, perhaps, indicate that this is their first foray into the world of serious cybercrime.”

This article was updated with comments from Brett Callow of Emsisoft on March 3.

YOU MIGHT ALSO LIKE Toyota shuts down production after ‘cyber-attack’ on supplier