Data extortionists who stole up to 1 terabyte of data from Nvidia have delivered one of the most unusual ultimatums in the annals of cybercrime: let Nvidia’s graphics cards mine cryptocurrencies faster or face the imminent release of the company’s crown-jewel source code.
A ransomware group calling itself Lapsus$ first claimed last week that it had hacked into Nvidia’s corporate network and stolen more than 1 TB of data. Included in the theft, the group claims, are schematics and source code for drivers and firmware. A relative newcomer to the ransomware scene, Lapsus$ has already published a tranche of leaked files, including the usernames and cryptographic hashes for 71,335 of the chipmaker’s employees.
The group then made the highly unusual demand: remove a feature known as LHR, short for “Lite Hash Rate,” or see the further leak of stolen data.
“We’ve decided to help the mining and gaming community,” Lapsus$ members wrote in broken English. “We want nvidia to push an update for all 30 series firmware that removes every lhr limitation or else we will leak the hw folder. If they remove the lhr folder, we forget the hw folder (it’s a big map). We both know lhr impact mining and gaming.”
Nvidia introduced LHR in February 2021 with the launch of its GeForce RTX 3060 models. Three months later, the company brought LHR to its GeForce RTX 3080, 3070, and 3060 Ti graphics cards. The reason: To make the cards less attractive to people who mine Ethereum and possibly other types of cryptocurrencies. In recent years, the rising prices of cryptocurrencies have created a huge demand for the cards as the cards are generally much faster and more efficient at performing the intensive calculations required during the mining process.
Demand has led to a shortage that has often made GPUs virtually impossible for gaming enthusiasts to buy.
LHR works by looking for specific features of the Ethereum mining algorithm. When one of those features is found, LHR limits the hash rate, which dictates mining efficiency, by about 50 percent. “We’ve designed GeForce GPUs for gamers and gamers are crying out for more,” Nvidia officials wrote at the LHR unveiling.
On Tuesday, Lapsus$ changed its demand. Now the group also wants Nvidia to commit to making its GPU drivers completely open source. If Nvidia doesn’t comply, Lapsus$ says, the company can expect another leak that would contain the full silicon, graphics and computer chipset files for all of its recent GPUs. In a post, group members wrote:
So, NVIDIA, the choice is yours! Either:
– Make current and all future drivers for all cards officially open source, while keeping Verilog and chipset trade secrets…well, secret
OR
– Don’t open source the drivers so we release the full silicon chip files so everyone knows not only the secrets of your driver but also your best kept graphics and computer chipsets trade secrets!
YOU HAVE UNTIL FRIDAY, YOU DECIDE!
Nvidia officials declined to say whether they intend to meet the demand. Instead, they referenced a statement first published on Tuesday:
On February 23, 2022, NVIDIA became aware of a cybersecurity incident affecting IT resources. Shortly after discovering the incident, we further strengthened our network, engaged cybersecurity incident experts and notified law enforcement.
We have no evidence that ransomware is deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and certain NVIDIA proprietary information from our systems and started leaking it online. Our team is in the process of analyzing that information. We do not expect any disruption to our business or our ability to serve our customers as a result of the incident.
Security is an ongoing process that we take very seriously at NVIDIA – and we invest daily in the protection and quality of our code and products.
The statement does not say whether the company has mandated password changes for affected employee accounts. The Have I Been Pwned breach notification service allows people to enter an email address to find out whether it appears in a data breach. A check of the email addresses of four Nvidia employees revealed that they were all included in last week’s Lapsus$ dump.