Nvidia was the victim of a ransomware attack a few days ago. The group that claims to be responsible for the attack says it had access to Nvidia servers for a week, gained admin access, and pulled at least 1TB of data (via Tom’s hardware). The group has threatened to sell or release the data unless Nvidia contacts them and removes the mining performance limiter on their RTX 30-series GPUs.
Nvidia introduced its mining limiter (Nvidia RTX LHR) last year to restrict the hash rate of RTX 30-series cards whenever the drivers detected it was being used to mine Ethereum. It was meant to be a deterrent for crypto miners who were hoarding GPUs for mining operations, which in turn has contributed to the global graphics card shortage over the last two years.
The South-American based hacker group, Lapsus$, has taken credit for the recent attack and threatened to either sell or release a “hw folder” if Nvidia does not immediately remove the limiter from its RTX 30-series cards. The folder contains schematics, drivers, and other internal data, which Lapsus$ says it knows is very valuable to Nvidia.
Including “everything about falcon,” whatever that is.
Recent attempts have been made to find workarounds to the limiter, which have either unlocked just a percentage of a GPU’s overall Ethereum mining performance, of have instead installed malware. But there is the suggestion the group is already selling some sort of bypass for version two of the hash rate limiting algorithm for GA102 – GA104 GPUs. Though that hasn’t been confirmed as far as we can tell
According to Nvidia, the hack was initially described as ‘relatively minor,’ and explicitly said it had no connection to the war between Russia and Ukraine. The group also said itself, “we are not state-sponsored and we not in politics AT ALL,” from screenshotted Telegram messages shared by Videocardz.
According to the same string of Telegram posts, Nvidia still has not contacted the hackers, and Lapsus$ says it will go ahead and release some of the data in the form of a torrent.
Tips and advice
How to buy a graphics card: tips on buying a graphics card in the barren silicon landscape that is 2022
We reached out to Nvidia for comment, and the spokesperson responded with the following statement:
“We are investigating an incident. Our business and commercial activities continue uninterrupted. We are still working to evaluate the nature and scope of the event and don’t have any additional information to share at this time.”
Lapsus$ says this is all an effort to help the “mining and gaming community,” though that does, however, feel mutually exclusive. We get how forcing Nvidia to release the hash rate limiter would help miners, but how that’s going to be of benefit to gamers we don’t know. After all, those two communities have rarely been of one mind.