Unusual demand follows request that hardware firm removes mining hashrate limiters on GPUs

Nvidia hackers allegedly attempting to blackmail company into open-sourcing GPU drivers

UPDATED Attackers responsible for the recent hack of chipmaker Nvidia have apparently attempted to blackmail the company into open-sourcing its graphics processing unit (GPU) drivers.

According to screenshots circulating on social media, the Lapsus$ ransomware gang that claimed responsibility for the attack is now threatening to leak files related to Nvidia’s GPUs if the company fails to comply with its request.

The gang purportedly set the California-headquartered GPU pioneer a deadline of tomorrow (Friday, March 3) to meet its somewhat unorthodox demands.

This follows its previous reported demand that Nvidia remove mining hashrate limiters on its RTX 3000-series graphics cards.



“Lapsus$’ demands are unusual to say the least,” Emsisoft threat analyst Brett Callow told The Daily Swig. “In fact, I can’t think of another incident in which such odd, non-cash demands have been made.

“They claim to have ‘decided to help mining and gaming community’, and the most obvious conclusion to draw from that would seem to be that they themselves are members of that community. If they can’t squeeze cash out of Nvidia, they want to at least squeeze some extra performance.”

Outages

As previously reported by The Daily Swig, Nvidia’s internal systems were apparently compromised over a two-day period in February, leading to outages of its developer tools and email systems.

In response to our queries, Nvidia made the following statement:

“On February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.

“We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.

“Security is a continuous process that we take very seriously at NVIDIA – and we invest in the protection and quality of our code and products daily.”

‘Trade secrets’

The supposed latest ransom demand reads: “We request that NVIDIA commits to COMPLETELY OPEN-SOURCE (and distribute under a foss license) their GPU drivers for Windows, macOS and Linux, from now on and forever.

“If this request is not met, on Friday we will release the COMPLETE SILICON, GRAPHICS AND COMPUTER CHIPSET FILES for all recent NVIDIA GPUs, including the RTX 3090Ti and UPCOMING REVISIONS! Of course, this includes all files with extensions such as .v, .vx, .vg and more.”



While generally condemning the hackers’ actions, numerous messages on Reddit suggested that if Nvidia acceded to the demands, the result would at least be enhanced Linux support for its drivers.

Data dumps

Lapsus$ actors have already claimed to have leaked password hashes for NVIDIA employees, as well as source code and highly confidential data.

The operators have also accused Nvidia of ‘hacking back’ and encrypting its own data after connecting to the attackers’ virtual machine via mobile device management (MDM). However, the attackers claimed to have all of the data backed up.

The Lapsus$ ransomware gang burst onto the cybercrime scene in December 2021 when it claimed responsibility for successful cyber-attacks on Brazil’s Ministry of Health, and later targeted Portuguese media group Impresa and South American telecommunication providers Claro and Embratel.

“Lapsus$ is a fairly new and supposedly LatAm-based threat group who seem to lack the playbook of predictable strategies used by Russia or CIS-based operations and their opsec may also be lacking,” said Emsisoft’s Brett Callow. “These factors could, perhaps, indicate that this is their first foray into the world of serious cybercrime.”


This article was updated with comments from Brett Callow of Emsisoft on March 3, then on March 4 with additional comments from Nvidia

