The ransomware group known as Lapsus recently threatened to release “Nvidia’s most closely guarded trade secrets.” These were stolen during a cyberattack last month. Lapsus just published the personal information of over 71,000 current and former employees at the company in order to prove its point. Nvidia claims to be "aware of a cybersecurity incident which impacted IT resources."
“We request that Nvidia commits to completely open source their graphics processing unit drivers for Windows, MacOS, and Linux from now on and forever,” the ransomware group said in a statement. Should the company not acquiesce to the request, Lapsus will “release the complete silicon, graphics, and computer chipset files for all recent Nvidia graphics processing units.”
Lapsus noted that Nvidia can either “make current and all future drivers for all cards open source” or face the prospect of having the ransomware group “release the entire silicon chip files so that everyone not only known your driver’s secrets, but also your most closely guarded trade secrets for graphics and computer chipsets, too!”
Nvidia previously refused to remove a cryptocurrency mining limiter from its graphics cards, prompting the demand by Lapsus to make their drivers open source. The hackers have already released the source code for the proprietary deep learning super sampling technology.
Lapsus claims to have stolen over a terabyte of data during the cyberattack. Nvidia has acknowledged that a "threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online." The company later noted that "commercial activities continue uninterrupted." Nvidia currently has no plans to meet the demands being made by the hackers.
This comes in the wake of news that Samsung has been targeted by Lapsus in a seemingly related cyberattack. The ransomware group just leaked over 190 gigabytes worth of data including the source code for various proprietary technologies. Lapsus however has made no public demands and Samsung has not yet acknowledged the data breach.