
MSI confirms data breach after ransomware gang demands $4 million


After being listed on the Money Message ransomware gang’s site as a victim, Taiwanese computer manufacturer MSI has confirmed it suffered a data breach and data was stolen in the attack. Although it didn’t give out a lot of information, the company did publish a Taiwanese stock exchange filing about the incident. 

The ransomware gang listed MSI on its data leak website with screenshots of what it claims are the company’s CTMS and ERP databases, as well as files containing source code, BIOS firmware and even private keys. Money Message is threatening to post all data publicly unless MSI pays up to $4 million in ransom. According to chats between the ransomware gang and a victim representative, BleepingComputer reports, nearly 1.5TB of data has been stolen from the company.

The company’s MOPS announcement only claims that “some information service systems” were affected by the attack and that MSI’s IT department “initiated information security defence mechanism and recovery procedures” upon detection. The incident has been reported to the relevant law enforcement authorities as well. 

MSI announcement confirming the data breach.

As for the breach’s impact on its business, MSI claims that it has faced “no significant impact” in terms of finances or operations. That said, the company is enhancing the information security control measures of its network and infrastructure to ensure data security.

Money Message is a relatively new ransomware threat actor. The gang was first observed in March 2023 and has already successfully attacked over five victims, the majority being from the US. According to Cyble researchers, it uses a double extortion technique against its victims: data is exfiltrated before it is encrypted.

Money Message victim distribution. | Source: Cyble

The researchers believe that the group leverages stealer logs in its operations, because its binaries contained admin credentials for the target network in their configurations. Overall, the group’s capabilities include encrypting network shares and targeting both Windows and Linux operating systems.


Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018.
