Taiwanese PC parts maker, MSI (Micro-Star International), has become the latest target of a ransomware gang known as Money Message. The cybercriminals claim to have stolen a trove of data, including the company’s source code, from MSI’s network. MSI is a global hardware manufacturer known for its motherboards, graphics cards, laptops, servers, and other devices. Its annual revenue exceeds $6.5 billion.
Money Message has listed MSI on its data leak website and posted screenshots of the company's CTMS and ERP databases, along with files containing software source code, private keys, and BIOS firmware. The threat actors are now threatening to publish all the stolen data unless MSI agrees to pay their ransom demand of $4,000,000.
The cybercriminals claim to have stolen 1.5TB of data from MSI's systems, including source code and databases. They are giving MSI five days to pay the ransom, after which they say they will publish the stolen data.
Figure 1: Micro Star International (msi.com) Breached |
Money Message is known for performing double-extortion attacks, which is when a threat actor both exfiltrates a target's sensitive data and encrypts it. To gain access to a company's network, attackers can use various methods, including phishing for login credentials, exploiting vulnerabilities, and brute-forcing an RDP server.
It is not yet clear how Money Message gained access to MSI's network, but assuming the attack is legitimate, it raises serious concerns about the company's cybersecurity posture. MSI has not yet commented on the situation, and it's not known if they intend to pay the ransom demand.
Demanding a $4 million payment is a bold ask, especially since ransomware gangs have seen their profits decline as cyber insurance companies' policies and governments crack down on extortion attempts. However, if the cybercriminals are able to make good on their threat, MSI could face significant financial and reputational damage.
0 Comments