Taiwanese hardware giant is being extorted by a gang that claims to have stolen its source code.
A newly formed ransomware gang is demanding a giant payment from MSI after claiming to have stolen a bonanza of data, reports BleepingComputer.
The gang calling themselves “Money Message” is new on the scene, but already making a splashy debut. They are giving MSI five days to pay an audacious $4 million (€3.7 billion) ransom. If payment is not received by then, the malefactors say they will publish 1.5 terabytes (TB) of stolen MSI data.
MSI (Micro-Star International) is a Taiwan-based global hardware giant that makes motherboards, graphics cards, desktops, laptops, servers, industrial systems, PC peripherals, and infotainment products. The company boasts an annual turnover that exceeds $6.5 billion (€5.95 billion), according to BleepingComputer.
MSI’s BIOS firmware may be at risk
Money Message listed MSI on its data leak website and posted screenshots of the allegedly stolen data. The images suggest that the threat actors breached the company’s clinical trial management system (CTMS) and enterprise resource planning (ERP) databases containing private keys and various source code, including the framework for MSI’s BIOS firmware.
“Say your manager, that we have MSI source code, including framework to develop bios, also we have private keys able to sign in any custom module of those BIOS and install it on PC with this bios,” the gang told MSI in chats seen by BleepingComputer.
This is the same group that Zscaler, a California-based cloud security company, recently called attention to on Twitter. BleepingComputer also called attention to this new gang in a recent report describing the gang’s attack chain. The report also hinted at the possibility of the hackers having breached a well-known computer hardware vendor.
According to Zscaler and BleepingComputer, Money Message is performing double-extortion attacks, which is when a threat actor both exfiltrates a target’s sensitive data and encrypts it.
BleepingComputer says it has reached out to MSI multiple times in an attempt to verify the ransom report, but so far has not received a reply.