MSI Issues This BIOS Firmware Guidance After Confirming Cyberattack
You should always be cautious about where and how you obtain BIOS updates for your devices, though that's especially true right now for anyone who owns a product from MSI, be it a motherboard, graphics card, or any other hardware with firmware. That's because MSI recently suffered a cyberattack on part of its information systems, the company confirmed.
The confirmation comes after a ransomware gang going by "Money Message" claimed it had stolen 1.5 terabytes of data from MSI, including private, various source code, and the framework for the company's BIOS firmware. In a message posted to a hacking forum, the ransomware gang attempted to extort a $4 million paying from MSI, saying the company had around just five days to pay up or have its stolen data exposed.
To be clear, MSI has not confirmed that the Money Message ransomware gang is responsible for its recent network breach, or that it is being extorted for a seven-figure payment. However, the timing of the security bulletin leaves little doubt that the two are related.
"Upon detecting network anomalies, the information department promptly activated relevant defense mechanisms and carried out recovery measures, and reported the incident to government law enforcement agencies and cybersecurity units. Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business," MSI stated in its security bulletin.
MSI goes on to state that users should be careful to "obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website." For the most part, that's sage advice that falls under Computing Tips 101, though it's worth reiterating given the recent situation and considering that some people like to play around with unofficially modded BIOS files for various reasons.
"MSI is committed to protecting the data security and privacy of consumers, employees, and partners, and will continue to strengthen its cybersecurity architecture and management to maintain business continuity and network security in the future," MSI added.
As an aside, a recent report published by Coverware found that the dollar value of the median ransomware payment went on a significant downward trajectory last year. Part of that could be due to companies choosing not to report ransomware payments, but it's also been suggested that companies are increasingly unwilling to cough up extortion fees.