Recently, a ransomware group called Money Message claimed that they had successfully hacked into the system of PC manufacturer MSI (MSI), accessed MSI's CTMS and ERP database, and stole the company's source code, keys, and MSI's The total data of the BIOS firmware used in the product reaches 1.5TB.
Money Message posted screenshots of the stolen files on the dark web and demanded that MSI pay $4 million to redeem the data or it would make the stolen data public this week.
MSI is a PC manufacturer in Taiwan, my country. It mainly produces high-end PC motherboards, GPUs, notebooks, monitors and other PC peripheral products, which are deeply loved by e-sports players. After the incident, MSI issued a short statement on its official website , confirming that it had been attacked by a network:
Some of MSI's information systems have recently suffered a cyber attack. After the information department discovers an abnormality in the network, it promptly activates the relevant defense mechanism and takes recovery measures, and reports the incident to the government law enforcement department and the network security department. At present, the affected systems have gradually resumed normal operation, and there is no major impact on financial business.
MSI urges users to obtain firmware/BIOS updates only from the official website and not to use files from sources other than the official website.
However, this brief statement did not disclose any details, so it is not clear whether the 1.5TB of data contains MSI user data, as well as information such as source code and keys claimed by the ransomware group. How Money Message hacked into MSI, or whether MSI intends to pay the $4 million ransom.
Cybersecurity company Cyble said that Money Message seems to be a new ransomware organization that just emerged last month. Although it has only been established recently, more than five companies are known to be affected. The organization targets Windows and Linux computers. Steal user data, spread ransomware.