Micro-Star International Co. Ltd., the Taiwanese manufacturer of hardware for personal computers, confirmed earlier today that it suffered a breach of its systems after a new ransomware gang called “Money Message” claimed responsibility and revealed it stole source code from the company’s corporate network.

MSI revealed that it had suffered a “cyberattack” in a press release, which did not go much into detail about the nature of the attack or reveal the name of the suspected threat actor.

“Upon detecting network anomalies, the information department promptly activated relevant defense mechanisms and carried out recovery measures and reported the incident to government law enforcement agencies and cybersecurity units,” the company said.

MSI is a well-known maker of computer hardware and related products, including laptops, desktops, motherboards, graphics cards, industrial computers and peripherals.

The Money Message ransomware gang listed MSI on a dark web extortion portal on Thursday and claimed to have stolen source code from the PC maker, reported Bleeping Computer. The gang also displayed screenshots of files reportedly containing software source code, private keys and BIOS firmware.

From chats seen by Bleeping Computer, the ransomware group claims to have stolen approximately 1.5 terabytes of data from MSI and demanded a ransom of $4 million. The group has given the hardware maker about five days to pay up or it will publish what it has.

According to the threat intelligence researchers at Cyble Inc., Money Message was first observed last month and has already affected several publicly disclosed victims. It uses a double extortion technique where the gang first steals data from the victim and then encrypts it on the network. That way if the ransom goes unpaid, it can still leak the data instead of simply leaving it leaving victims without access to their information.

Although the attack would have encrypted the segments of source code and other data that it affected, MSI downplayed the attack in its release.

“Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business,” the company added.

Image: Pixabay