Nvidia is the chip maker from the U.S. with products powering millions of personal computers used by gamers, designers, researchers and alike from around the world.
The company is also having a growing importance in the data center business, where its processors help run some of the world's most powerful AI software and cryptocurrency miners.
Among the largest in the business, Nvidia is considered among the tech companies that power various industries that use microchips and GPUs.
Valued at more than $600 billion, there is so much at stake.
And this time, a cyberattack that came with a ransomware managed to cripple Nvidia.
Saying that its internal systems are "completely compromised," the company added that its business and commercial activities "continue uninterrupted."
"We are still working to evaluate the nature and scope of the event and don’t have any additional information to share at this time."
Nvidia then released a public statement about the attack, acknowledging that it happened, but avoid going into the details, or explaining about the extent of the hack.
"We are still working to evaluate the nature and scope of the event and don’t have any additional information to share at this time," Nvidia said.
Reports said that Nvidia's email system and developer tools have allegedly been down for days, either directly due to the attack or as a defensive measure from Nvidia.
"Security breaches, computer malware, phishing, and cyber-attacks continue to become more prevalent and sophisticated," Nvidia wrote in a regulatory filing with the U.S. Securities and Exchange Commission (SEC), describing potential risks faced by the company.
"These threats are constantly evolving, making it increasingly difficult to successfully defend against them or implement adequate prevention measures. These attacks have occurred on our systems in the past and are expected to occur in the future."
"Reported or perceived vulnerabilities, even if not exploited, can cause us harm."
"Our efforts to prevent and overcome these and similar challenges could increase our expenses and may not be successful. We may experience interruptions, delays, cessation of service and loss of existing or potential customers."
Since the Russia started invading Ukraine, and since sanctions have been imposed against Russia and others on behalf of Ukraine, there have been concerns that Russia would pursue cyber warfare to attack Western countries in retaliation.
Governments and companies around the world are on the lookout for potential online attacks coming, or based, or backed by Russia.
But sources suggest that the Nvidia hack is relatively minor, and denied that the incident had any connection to the outbreak of war between Russia and Ukraine.
What this means, the hack isn't fueled by geopolitical tensions.
But if ever a U.S.-based company like Nvidia is targeted during this Russia-Ukraine war, it could provoke retaliation from the United States.
"If Russia pursues cyberattacks against our companies, our critical infrastructure, we’re prepared to respond," said U.S. President Joe Biden.
It was later revealed that Nvidia confirmed the hack, and said that the "incident" is leaking employee credentials and proprietary information onto the internet.
Hacking group Lapsus$ has claimed responsibility for the attack, and has demanded that the chipmaker to make its drivers open-source if it doesn’t want more data leaked. Before this, the group threatened Nvidia to leak files if the company doesn't remove the limitations on its recent graphics cards that are meant to make them less appealing to cryptocurrency miners.
According to posts from the group, this includes source code for Nvidia’s hash rate limiter, which reduces the Ethereum mining performance when ran on Nvidia's RTX 30-series graphics cards.
Also called the LHR, the feature was introduced back in February 2021 alongside the launch of Nvidia's GeForce RTX 3060 models. The feature is designed to make the cards less desirable to people mining Ethereum and possibly other types of cryptocurrencies.
Lapsus$ claims to have around a terabyte of data stolen from Nvidia, saying that one of the folders is 250GB and contains information on "all recent Nvidia GPUs," including the mysterious RTX 3090 Ti.
Lapsus$ itself is relatively unknown. The group first made headlines when it claimed to be the one behind the ransomware attack on Brazil’s Ministry of Health that stole 50 terabytes of data, including citizens’ COVID-19 vaccination information.
Nvidia that is aware of the hacker group, has made improvements to its security, notified law enforcement, and is working with cybersecurity experts to respond to the attack.
"Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement," said a spokesperson for Nvidia. "We have no evidence of ransomware being deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online."
"Security is a continuous process that we take very seriously at Nvidia — and we invest in the protection and quality of our code and products daily," added the spokesperson for Nvidia.