Ransomware Gang Chases $4 Million Windfall From MSI For Alleged Source Code Data Theft

Hacker in a hoodie in front of an MSI laptop.
A newly formed ransomware gang is attempting to extort a sizable payment from MSI after claiming to have stolen a treasure trove of data, including sensitive source code. The gang, which goes by the name "Money Message," is giving MSI five days to pay a hefty $4 million ransom. If payment is not received by then, the threat actors say they will publish 1.5 terabytes (TB) of stolen data.

Screenshots of the allegedly stolen data and chats between the ransomware gang and MSI suggest that the threat actors breached the company's clinical trial management system (CTMS) and enterprise resource planning (ERP) databases containing private keys and various source code, including the framework for MSI's BIOS firmware.

Screenshot of a forum post by Money Message, a ransomware group, demanding payment from MSI for allegedly stolen data.
Source: BleepingComputer

"Say your manager, that we have MSI source code, including framework to develop bios, also we have private keys able to sign in any custom module of those BIOS and install it on PC with this bios," the ransomware gang told MSI in a chat message seen by BleepingComputer.

Zscaler ThreatLabz tweet noting the discovery of a new ransomware gang named Money Message.

This is the same group that Zscaler, a cloud security company headquartered in San Jose, California, recently called attention to on Twitter. According to Zscaler and BleepingComputer, Money Message is performing double-extortion attacks, which is when a threat actor both exfiltrates a target's sensitive data and encrypts it.

To pull this off, attackers can leverage a variety of ways to gain access to a company's network. Phishing for login credentials is perhaps the easiest, but depending on the skill level of the attacker, they can also exploit vulnerabilities and brute-force an RDP server, among other tactics.

Assuming the alleged attack on MSI's network is legitimate, it's not clear how exactly the Money Message gang weaseled its way into the company's systems. MSI has so far been mum on the situation. It's also not known if MSI has intentions of paying up, should the threat be real.

Demanding a $4 million payment is a bold ask for sure. It also comes at a time when ransomware gangs have seen their profits crater as cyber insurance companies' policies and governments crack down on extortion attempts.
Tags:  MSI, security, Ransomware