MSI Hit with Ransomware Attack, BIOS Blueprints Stolen

Image: MSI

Taiwanese gaming brand and PC hardware maker MSI has been the victim of a massive ransomware attack, according to a report from PCMag.

MSI confirmed the cyberattack in a Taiwanese stock exchange filing, as well as an official statement. “MSI recently suffered a cyberattack on part of its information systems,” the company said.

“Upon detecting network anomalies, the information department promptly activated relevant defense mechanisms and carried out recovery measures, and reported the incident to government law enforcement agencies and cybersecurity units. Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business.”

MSI didn’t offer any specifics on the breach, including whether or not customer data was affected. However, a fairly new ransomware gang that goes by “Money Message” has asserted responsibility for the attack and claims to have stolen a large cache of data from the company, including source code, databases, private keys, and the framework for the BIOS used in MSI products.

“Say your manager, that we have MSI source code, including framework to develop bios, also we have private keys able to sign in any custom module of those BIOS and install it on PC with this bios,” a Money Message operator told an MSI representative (via BleepingComputer).

Money Message is demanding $4 million USD and threatening to leak the stolen data next week if the ransom isn’t paid.

As a precaution, MSI is asking customers to refrain from downloading product firmware or BIOS updates from any source other than the official MSI website.

“MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website,” the company said in its statement.

Back in 2021, fellow PC maker Acer suffered a ransomware attack where the hackers were holding sensitive data hostage for $50 million USD. Ransomware attacks targeting large companies have been on the rise as of late, and more recently, Canada’s largest bookstore chain, Indigo, had sensitive employee data (including social insurance numbers) stolen.