UPDATE: A new statement from MSI says users should avoid downloading firmware and BIOS updates from third-party sources, and instead only obtain such software from the company's official website.
The statement suggests MSI is worried hackers could circulate malicious versions of the company's BIOS software when the ransomware gang, Money Message, claims it stole the PC maker's source code.
Original story:
MSI has confirmed it suffered a data breach after a ransomware gang claimed it stole files from the PC maker. The company published a Taiwanese stock exchange filing about experiencing a “cyber attack,” although the company is thin on details.
“After detecting some information systems being attacked by hackers, MSI’s IT department has initiated information security defense mechanism and recovery procedures,” the PC maker said. The company also reported the incident to authorities.
(Credit: MOPS)
MSI didn't immediately respond to a request for comment, making it unclear whether customer data is affected. But in the stock exchange filing, the PC maker says it anticipates the breach having “no significant impact” on its financials or operations.
A new ransomware group called Money Message claims it breached the PC maker to steal the company’s source code, including the framework for the BIOS used in MSI products.
Recommended by Our Editors
The leak site for the ransomware group Money Message.
Money Message posted screenshots of the stolen files on the group’s dark web site. The ransomware gang is demanding MSI pay $4 million or else it’ll leak the stolen data next week, according to BleepingComputer, citing chats Money Message made with a victim representative.
Money Message seems to have only emerged last month. The group has targeted Windows and Linux computers and will try to encrypt shared network resources, according to cybersecurity firm Cyble. The company also uncovered evidence Money Message will first try to identify and steal the admin credentials for an IT network before spreading their ransomware attacks.
As for MSI, the PC maker says in the stock exchange filing that it’s working to bolster its cybersecurity for company systems.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
About Our Expert
Michael Kan
Senior Reporter
Experience
I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.
Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.
I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. Earlier this year, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.
I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how President Trump's tariffs will affect the industry. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.