PC manufacturer MSI hit with malicious ransomware attack
MSI, the PC manufacturer behind components, laptops, and peripherals, has confirmed that they’ve been hit by a ransomware attack by a hacking group.
Manufacturer MSI has posted to their website and the Taiwanese stock exchange that the company is currently handling a ransomware attack. The group taking responsibility for it, Money Message, has infected internal systems at MSI and is now demanding $4 million to not begin leaking company assets.
MSI has seemingly downplayed the situation in their press release, as they make no mention of whether the hack is ongoing:
“Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business.”
However, the Money Message group currently has hostage information pertaining MSI’s hardware, including the BIOS source code for motherboards. If the group isn’t satiated, leaking that type of software onto the web could lead to a major problem down the road.
Money Message is currently counting down a timer for over 100 hours. Once the countdown timer ends, they plan to release the 27GB of data to the public.
MSI hit by new ransomware group Money Message
Ransomware is not a new phenomenon, with its foundations rooted in the 80s, and its explosion happening sometime in the mid-2000s. Mikko Hypponen, Chief Research Officer at F-Secure has dubbed it “Ransomware 2.0”, where it’ll encrypt data and demand cash, as well as threaten to leak it out.
Money Message hasn’t been around too long, with their first major hack being reported on Bleeping Computer’s forums on March 28. Zscaler’s Threat Labs then reported that they’d caught wind of the group a day later.
Money Message’s website currently has seven pages of ransomware attacks they’ve accomplished, including small businesses and large firms, as well as a Bengali airline.
It’s currently unknown if Money Message will go through with the leak, or if MSI plans to pay the ransom off. Either way, MSI has stated to only use official download links going forward from its website.