Taiwanese manufacturer Gigabyte Technology Co. Ltd. has allegedly been struck by a ransomware attack, the second time the company has been targeted in three months.

The previous attack on the company, best known for its motherboards and graphics cards, occurred in August with 112 gigabytes of sensitive data stolen. That attack was attributed to the RansomEXX gang.

Forward to October and the DarkTracer: DarkWeb Criminal Intelligence account posted on Twitter Wednesday that a group going by the name of AvosLocker is claiming to have successfully attacked the company. AvosLocker was first observed searching for affiliates on underground forums in late June. A report earlier this month had the gang planning to auction the data of victims who have refused to pay the ransom demanded.

The AvosLocker gang has published some stolen data as proof that they did indeed successfully target Gigabyte. According to Privacy Sharks, the data includes passwords and usernames, employee payroll details, human resources documents and credit card details.

In addition, documents were found relating to relationships the company has with Barracuda Networks Inc., Blizzard Entertainment Inc., Black Magic, Intel Corp., Kingston Technology Corp., Amazon.com Inc. and Best Buy Co. Screenshots were also provided of a file tree showing various other documents stolen.

Gigabyte has not commented on the report as of the time of writing.

“The details in the file tree should be extremely concerning to Gigabyte as they consider the impact of this breach,” Jake Williams, co-founder and chief technology officer at incident response firm BreachQuest Inc., told SiliconANGLE. “In most double extortion schemes, the data theft focuses on quantity rather than quality. The file tree from this dump suggests that in this case, the threat actor focused on quality.”

The AvosLocker double extortion model includes sale of data for those who don’t pay, rather than just free release, Williams noted. “To facilitate sales, AvosLocker must steal data that’s worth buying,” he said. “The file tree (directory listing) teased by AvosLocker certainly appears to be the kind of data that would be valuable to a multitude of cybercriminals.”

John Bambenek, principal threat hunter at information technology and security operations company Netenrich Inc. said ransomware operators are getting increasingly aggressive in demanding payments.

“The selective leaking of information is a method to further entice victims into paying the ransom,” Bambenek said, noting that this will keep occurring as long as the economics favor paying a ransom. “What will be interesting to see is how this method of auctioning data will change the math, but in the end, crime on the internet still pays.”

Image: Gigabyte