A recent data breach affecting Taiwanese PC parts maker MSI (Micro-Star International) has been listed on the extortion portal of a new ransomware gang known as ‘Money Message’. The threat actors claim to have stolen source code from the company’s network.
MSI is one of the most well-known names in the global hardware market, producing desktops, laptops, motherboards, graphic cards, and other hardware intended for gaming. The annual revenue of the company surpasses $7 billion dollars.
In addition to posting pictures of what they claim to be the hardware vendor’s CTMS and ERP databases, files containing software source code, secret keys, and BIOS firmware, the threat actor has placed MSI on its data leak website.
Details About The Gang and The Breach
According to BleepingComputer, the threat actors claimed to have stolen 1.5TB of data from the Taiwanese company’s systems, including databases and source codes, and are now demanding a ransom payment of $4,000,000.
Money Message gave MSI an ultimatum. They have 5 days to pay the ransom or all the stolen data will be released.
Money Message Lists MSI on its Extortion Site (Source)
While chatting with an MSI agent, a Money Message operator said the following:
Say your manager, that we have MSI source code, including framework to develop bios, also we have private keys able to sign in any custom module of those BIOS and install it on PC with this bios.
Money Message Operator to MSI Agent (Source)
BleepingComputer tried reaching out to MSI on multiple occasions to gather more information about the breach, but the Taiwanese company is yet to respond. It is still uncertain whether Money Message’s data breach claims are valid and whether the data they threaten to leak belongs to MSI.
To find more information about this emerging ransomware gang, you can check out this article.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
If you liked this post, you will enjoy our newsletter.Get cybersecurity updates you\’ll actually want to read directly in your inbox.