MSI Acknowledges Breach as Money Message Ransomware Group Takes Credit for Cyberattack

MSI (Micro-Star International Co. Ltd.), a Taiwanese PC manufacturer, has confirmed that it was targeted in a cyberattack by a ransomware. The attack was carried out by the Money Message ransomware group, which claimed to have breached some of MSI’s systems.

As per the group’s claims, they have already stolen files, and if MSI refuses to pay the ransom of $4 million, the group plans to leak the data online next week.

In a press release, MSI disclosed that it was a victim of a “cyberattack,” but the statement was not specific about the type of attack or the identity of the suspected perpetrator.

MSI reported that its information department acted swiftly upon discovering network anomalies and triggered appropriate defense mechanisms to mitigate the attack. The department also executed recovery procedures to restore systems to their normal state.

Additionally, MSI notified government law enforcement agencies and cybersecurity units about the incident to investigate the attack and prevent similar incidents in the future.

As per the discussions between the MSI representative and the ransomware gang, the attackers asked for a ransom amount of $4,000,000.

The group justified the demand by stating that they had accessed and exfiltrated approximately 1.5 terabytes of documents from MSI’s network, which they could leak online.

The Money Message ransomware group has given an ultimatum to MSI, warning the company to fulfill its ransom demands; otherwise, the group will release the stolen files online.

The threat actors behind the MSI ransomware attack have included the company’s name on their data leak website. As of now, the group has shared some screenshots, which they claim are from MSI’s Enterprise Resource Planning (ERP) databases.

They have also published files that include software BIOS firmware, source code and private keys. However, the group has not released the complete data set yet.