MSI, the Taiwanese PC hardware maker, has become the latest victim of a cyberattack. The company revealed in a filing with Taiwan’s Stock Exchange that it had experienced a cyberattack on its information service systems. The attack, reportedly by the Money Message ransomware group, resulted in the theft of source code, BIOS firmware, and private keys, as well as 1.5 terabytes of other crucial data. The hackers are now demanding a $4 million ransom to prevent them from releasing the data online.
MSI has stated that it has already notified appropriate government authorities and is taking necessary measures to restore its systems to normal operations. The company has also warned its customers not to download BIOS/UEFI files or firmware from any source except its own website, as the compromised software in the wild is a current concern.
According to cybersecurity experts, the Money Message ransomware group has only started operating this week. The hackers claim to have stolen documents containing software source code, secret keys, and BIOS firmware, and have already posted MSI’s files on their data leak website. The threat actors have added MSI to their list of companies whose data they are leaking, although they have only so far shared screenshots of what they claim are the PC manufacturer’s Enterprise Resource Planning (ERP) databases and files with software source code, among others.
Aside from the recent cyberattack, cybersecurity specialists at Cyble have also discovered a new wave of malware infecting users’ PCs through MSI’s popular Afterburner GPU OC utility. The corrupted software packages were found from unofficial websites, which were made to appear as an official part of MSI’s Afterburner website or a mirror of the company’s software download page. Users who download the malware-infected packages are at risk of having their computer systems remotely used for data or crypto mining, or disclosing sensitive information about their bank records and other critical data.
Given the recent cyberattack and the new malware threat, MSI has advised customers to only download firmware and BIOS upgrades from the company’s official website and to avoid using files from unofficial websites.
In response to the cyberattack, MSI has stated that there has been no major operational or financial impact on its business at this time. Nevertheless, the company is improving its information security control methods to guarantee the protection of its data and uphold business progression and network security in the future.
As cyberattacks and ransomware continue to be a prevalent threat to corporations and businesses, MSI’s experience serves as a reminder to all to maintain vigilance and best practices in ensuring data security and privacy.