MSI Reportedly Hacked by Money Message Ransomware Gang, Source Code Stolen
Taiwanese computer hardware giant MSI (Micro-Star International) has reportedly been hacked and added to the list of victims of a new ransomware gang called "Money Message". The cybercriminals claim to have stolen source code and other sensitive information from the company's network.
MSI is a leading global manufacturer of computer components, including motherboards, graphics cards, desktops, laptops, servers, and other devices. Its annual revenue is over $6.5 billion.
Money Message has listed MSI on its data leak website and posted screenshots of the company's CTMS and ERP databases, along with files containing software source code, private keys, and BIOS firmware. The threat actors are now threatening to publish all the stolen data unless MSI agrees to pay their ransom demand.
MSI is listed on the 'Money Message' extortion site |
List of files hackers stolen |
The attackers claim to have stolen 1.5TB of data from MSI's systems, including source code and databases. They are demanding a ransom payment of $4,000,000.
According to Bleeping Computer reports, in a chat with an MSI agent, a Money Message operator reportedly said, "Say your manager, that we have MSI source code, including framework to develop bios, also we have private keys able to sign in any custom module of those BIOS and install it on PC with this bios."
On Friday, MSI published a statement revealing that some of its information service systems had been affected by a cyberattack reported to the relevant authorities.
"Upon detecting network anomalies, the information department promptly activated relevant defense mechanisms and carried out recovery measures, and reported the incident to government law enforcement agencies and cybersecurity units. Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business." the statement reads.
MSI Warns for BIOS and firmware updates
MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website.
The incident serves as a reminder of the need for strong cybersecurity measures to protect against the growing threat of ransomware attacks. Companies must take proactive steps to secure their networks and educate their employees on how to identify and respond to potential cyber threats.
Update the Story with MSI Statement
Join the conversation