MSI listed on “Money Message” Ransomware Gang’s Extortion Site

Global hardware giant MSI (Micro-Star International), headquartered in Taiwan, has been listed on the extortion portal of a new ransomware gang known as “Money Message.” The gang claims to have stolen source code from MSI’s network and has threatened to publish all these allegedly stolen documents in about five days unless MSI meets its ransom payment demands.

MSI is a leading manufacturer of motherboards, graphics cards, desktops, laptops, servers, industrial systems, PC peripherals, and infotainment products, with an annual revenue that surpasses $6.5 billion.

The threat actor has listed MSI on its data leak website and posted screenshots of what they claim to be the hardware vendor’s CTMS and ERP databases and files containing software source code, private keys, and BIOS firmware.

MSI listed on 'Money Message' extortion site
MSI listed on ‘Money Message’ extortion site (source)

According to a report by IT Services, Money Message is a novel ransomware group that has been active recently and has attacked a well-known computer hardware vendor. The threat actors claimed to have stolen 1.5TB of data from MSI’s systems, including source code and databases, and demanded a ransom payment of $4,000,000.

Chat between the threat actor and the victim's representative
Chat between the threat actor and the victim’s representative (source)

During a chat with an MSI agent, a Money Message operator said, “Say your manager, that we have MSI source code, including the framework to develop BIOS, also we have private keys able to sign in any custom module of those BIOS and install it on PC with this BIOS.”

IT Services has reached out to MSI for comment but has not yet received a response. As such, the validity of Money Message’s data breach claims and whether the data they threaten to leak belongs to MSI remain unverified.

Leave a Reply

Your email address will not be published. Required fields are marked *