Taiwanese PC parts maker MSI (Micro-Star International) has been listed on the extortion portal of a new ransomware gang known as “Money Message,” which claims to have stolen source code from the company’s network.
MSI is a global hardware giant that makes motherboards, graphics cards, desktops, laptops, servers, industrial systems, PC peripherals, and infotainment products, with an annual revenue that surpasses $6.5 billion.
The threat actor has listed MSI on its data leak website and posted screenshots of what they claim to be the hardware vendor’s CTMS and ERP databases and files containing software source code, private keys, and BIOS firmware.
Money Message now threatens to publish all these allegedly stolen documents in about five days unless MSI meets its ransom payment demands.
MSI listed on ‘Money Message’ extortion site (BleepingComputer)
BleepingComputer highlighted this novel ransomware group’s activity in a report published over the weekend and described the gang’s attack chain, hinting at the possibility of the threat actors having breached a well-known computer hardware vendor.
According to chats seen by BleepingComputer at the time, the threat actors claimed to have stolen 1.5TB of data from MSI’s systems, including source code and databases, and demanded a ransom payment of $4,000,000.
Chat between the threat actor and the victim’s representative (BleepingComputer)
“Say your manager, that we have MSI source code, including framework to develop bios, also we have private keys able to sign in any custom module of those BIOS and install it on PC with this bios,” a Money Message operator said in a chat with an MSI agent.
Since discovering this, BleepingComputer has reached out to MSI multiple times, but we are still waiting for a reply.
As such, we haven’t been able to verify whether Money Message’s data breach claims are valid and whether the data they threaten to leak belongs to MSI.