UPDATED 13:35 EST / APRIL 07 2023

SECURITY

MSI confirms breach after Money Message ransomware gang hackers claim responsibility

Micro-Star International Co. Ltd., the Taiwanese manufacturer of hardware for personal computers, confirmed earlier today that it suffered a breach of its systems after a new ransomware gang called “Money Message” claimed responsibility and revealed it stole source code from the company’s corporate network.

MSI revealed that it had suffered a “cyberattack” in a press release, which did not go much into detail about the nature of the attack or reveal the name of the suspected threat actor.

“Upon detecting network anomalies, the information department promptly activated relevant defense mechanisms and carried out recovery measures and reported the incident to government law enforcement agencies and cybersecurity units,” the company said.

MSI is a well-known maker of computer hardware and related products, including laptops, desktops, motherboards, graphics cards, industrial computers and peripherals.

The Money Message ransomware gang listed MSI on a dark web extortion portal on Thursday and claimed to have stolen source code from the PC maker, reported Bleeping Computer. The gang also displayed screenshots of files reportedly containing software source code, private keys and BIOS firmware.

From chats seen by Bleeping Computer, the ransomware group claims to have stolen approximately 1.5 terabytes of data from MSI and demanded a ransom of $4 million. The group has given the hardware maker about five days to pay up or it will publish what it has.

According to the threat intelligence researchers at Cyble Inc., Money Message was first observed last month and has already affected several publicly disclosed victims. It uses a double extortion technique where the gang first steals data from the victim and then encrypts it on the network. That way if the ransom goes unpaid, it can still leak the data instead of simply leaving it leaving victims without access to their information.

Although the attack would have encrypted the segments of source code and other data that it affected, MSI downplayed the attack in its release.

“Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business,” the company added.

Image: Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU