MSI confirms breach by new ransomware group

'Money Message' claims to have stolen 1.5 TB of data

Money Message has demanded $4 million from MSI


Taiwanese PC vendor Micro-Star International (MSI) has suffered a network breach that impacted "some of its information service systems."

The firm confirmed the breach after a new ransomware group called Money Message named it as one of its victims on a hacking forum.

The gang claims to have taken 1.5TB of data from MSI, including CTMS and ERP databases, source code, private keys and BIOS firmware.

Money Message also claimed that it now possesses the tools to create a potentially harmful BIOS and sign it digitally, giving it the appearance of legitimacy.

Money Message is a relatively new ransomware gang, first appearing in late March with an attack on Zscaler. It claims, though, to have already hit targets around the world, from the USA to Bangladesh.

The group has demanded $4 million from MSI, threatening to release the stolen data if the company fails to pay within five days - and that was before the Easter bank holiday weekend.

"Say your manager, that we have MSI source code, including framework to develop bios, also we have private keys able to sign in any custom module of those BIOS and install it on PC with this bios," a Money Message operator said in a chat with an MSI agent, according to Bleeping Computer.

At present, MSI has not officially acknowledged that the Money Message ransomware group was responsible for the breach, nor has it confirmed the amount the attacker is allegedly demanding.

The company has also not shared any information about the timing of the attack, or whether any of the impacted systems were encrypted.

MSI said it noticed "network anomalies" and responded by activating relevant defence mechanisms and implementing recovery measures.

The company has also reported the incident to government law enforcement agencies and cybersecurity units.

"Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business," MSI added.

It's unclear whether any customer data has been compromised.

MSI is now advising users to download firmware/BIOS updates solely from its official website, and not to use files from any other sources.

Headquartered in New Taipei City, Taiwan, MSI is a major provider of computer hardware and related products globally.

Its product line includes laptops, desktops, servers, motherboards, graphics cards, peripherals, and car infotainment products. The company generates annual revenue in excess of $6.5 billion.

This cyberattack on MSI comes less than a month after 160GB of data was stolen from another major Taiwanese PC manufacturer, Acer.

Earlier this month, Western Digital, a US-based storage services provider, had to shut down its My Cloud consumer cloud and backup service due to a hack.

The outage affected multiple products and services, such as My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi and SanDisk Ixpand Wireless Charger.