Data extortionists who stole up to 1 terabyte of data from Nvidia have delivered one of the most unusual ultimatums ever in the annals of cybercrime: allow Nvidia’s graphics cards to mine cryptocurrencies faster or face the imminent release of the company’s source code.
A ransomware group calling itself Lapsus$ first claimed last week that it had hacked into Nvidia’s corporate network and stolen more than 1TB of data. Included in the theft, the group claims, are schematics and source code for drivers and firmware. A relative newcomer to the ransomware scene, Lapsus$ has already published one tranche of leaked files, which among other things included the usernames and cryptographic hashes for 71,335 of the chipmaker’s employees.
The group then went on to make the highly unusual demand: remove a feature known as LHR, short for “Lite Hash Rate,” or see the further leaking of stolen data.
“We decided to help mining and gaming community,” Lapsus$ members wrote in broken English. “We want nvidia to push an update for all 30 series firmware that remove every lhr limitations otherwise we will leak hw folder. If they remove the lhr we will forget about hw folder (it’s a big folder). We both know lhr impact mining and gaming.”
Nvidia introduced LHR in February 2021 with the launch of its GeForce RTX 3060 models. Three months later, the company brought LHR to its GeForce RTX 3080, 3070, and 3060 Ti graphics cards. The reason: to make the cards less desirable to people mining Ethereum and possibly other types of cryptocurrencies. In recent years, the soaring prices of cryptocurrencies have created enormous demand for the cards because the cards are generally much faster and more efficient in performing the intensive computations required during the mining process.