MSI (short for Micro-Star International), a Taiwanese PC vendor, revealed today that its network had been compromised in a cyberattack in response to claims of a ransomware attack. The Money Message ransomware group allegedly breached some of MSI’s systems earlier this week and stole data that will be released online next week if the business fails to pay a $4 million ransom.
MSI disclosed that certain information service systems had been impacted by a cyberattack that had been notified to the appropriate authorities in a Friday filing with Taiwan’s Stock Exchange (TWSE).
“The IT department at MSI has started information security defensive mechanisms and recovery procedures after discovering some information systems being attacked by hackers. The Business has also informed the appropriate government authorities of the irregularity, “said MSI.
The organization withheld information regarding the attack’s timeframe, whether any compromised systems were encrypted, and whether the attackers stole consumer and business data due to the event.
The cyberattack, according to MSI, had no “major” operational or economic effects, and security upgrades had been put in place to guarantee the protection of the data kept on the compromised systems.
“No significant operational or financial impact on our business at this time. To maintain data security, the company is also improving the information security control methods of its network and infrastructure.”
After learning that the Money Message ransomware operation may have been involved in the intrusion of a well-known computer hardware business, BleepingComputer first highlighted the functions of the gang in a piece released last weekend.
According to talks between the ransomware group and an MSI official, the threat actors wanted a $4,000,000 ransom in exchange for access to allegedly 1.5TB worth of documents that they claimed to have stolen from MSI’s network. If MSI doesn’t pay the ransom, Money Message now threatens to release the purportedly stolen files sometime next week.
The threat actors have added MSI to their list of companies whose data they are leaking, although they have only so far shared screenshots of what they claim are the PC manufacturer’s Enterprise Resource Planning (ERP) databases and files with software source code etc.
Users should refrain from downloading firmware and BIOS updates from unofficial websites and only get such software through the company’s official website, according to a recent statement from MSI.
Given that the Money Message ransomware group claims to have stolen the PC manufacturer’s source code, it appears from the statement that MSI is concerned that hackers might disseminate harmful copies of the company’s BIOS software.
Ransomware Gang Alleges MSI Breach And Requests $4 million.
The new ransomware gang “Money Message” has placed Taiwanese PC component manufacturer (Micro-Star International) on its extortion portal. The group claims to have stolen source code from the firm’s network.
With annual sales of $6.5 billion, MSI is a major manufacturer of motherboards, graphics cards, desktops, laptops, servers, industrial systems, PC accessories, and infotainment products.
Together with screenshots of what they claim to be the hardware vendor’s CTMS and ERP databases, files containing software source code, secret keys, and BIOS firmware, the threat actor has posted MSI on its data leak website.
If it doesn’t comply with its demands for a ransom payment, Money Message now threatens to expose all of these supposedly stolen papers in around five days. Threat actors sought a $4,000,000 ransom payment after claiming to have stolen 1.5TB of data from MSI’s servers, including source code and databases.
In a communication with an MSI agent, a Money Message operator claimed, ”Inform your manager that we have the MSI source code, which includes the framework for building BIOS, as well as secret keys that allow us to sign any custom BIOS module and install it on a PC running this BIOS.”
Conclusion
Micro-Star International (MSI), a Taiwanese hardware manufacturer, stated Friday that it had been the target of a cyberattack in response to rumors that a new ransomware organization had targeted the business. While MSI did not provide an exact time frame for the attack, it did note that the issue was notified to law enforcement authorities “promptly” and that recovery efforts have been started. The business was added to the list of victims of the Money Message ransomware organization this week. The group claims to have stolen the company’s source code, firmware, frameworks, and more. According to cybersecurity experts, the group only started operating this week.
The New Taipei City-based company generated over $6.6 billion in revenue in 2021 from creating and producing computer gear, such as motherboards, graphics cards, desktops, and laptops. “At this time, the afflicted systems have gradually started to run again, not affecting financial business normally. MSI advises consumers to only download firmware and BIOS upgrades from the company’s official website and to avoid using files from unofficial websites, the company said. “The company is committed to safeguarding customer, employee, and partner data security and privacy and will keep improving its cybersecurity architecture and management to uphold business progression and network security in the future.” The business stated in regulatory filings that it did not anticipate any losses or effects from the intrusions when they were presented to The Taiwan Stock Exchange on Friday.
