Money Message ransomware gang claims MSI breach, demands $4 million

Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,223
Content source
https://www.bleepingcomputer.com/news/security/money-message-ransomware-gang-claims-msi-breach-demands-4-million/
Taiwanese PC parts maker MSI (Micro-Star International) has been listed on the extortion portal of a new ransomware gang known as "Money Message," which claims to have stolen source code from the company's network.

MSI is a global hardware giant that makes motherboards, graphics cards, desktops, laptops, servers, industrial systems, PC peripherals, and infotainment products, with an annual revenue that surpasses $6.5 billion.

The threat actor has listed MSI on its data leak website and posted screenshots of what they claim to be the hardware vendor's CTMS and ERP databases and files containing software source code, private keys, and BIOS firmware.

Money Message now threatens to publish all these allegedly stolen documents in about five days unless MSI meets its ransom payment demands.

BleepingComputer highlighted this novel ransomware group's activity in a report published over the weekend and described the gang's attack chain, hinting at the possibility of the threat actors having breached a well-known computer hardware vendor.

According to chats seen by BleepingComputer at the time, the threat actors claimed to have stolen 1.5TB of data from MSI's systems, including source code and databases, and demanded a ransom payment of $4,000,000.

"Say your manager, that we have MSI source code, including framework to develop bios, also we have private keys able to sign in any custom module of those BIOS and install it on PC with this bios," a Money Message operator said in a chat with an MSI agent.
Click to expand...
www.bleepingcomputer.com

Money Message ransomware gang claims MSI breach, demands $4 million

Taiwanese PC parts maker MSI (Micro-Star International) has been listed on the extortion portal of a new ransomware gang known as "Money Message," which claims to have stolen source code from the company's network.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • +Reputation
  • Wow
  • Like
Reactions: Andy Ful, upnorth, plat and 2 others
LASER_oneXM

LASER_oneXM

Level 37
Verified
Top Poster
Well-known
Feb 4, 2016
2,520

Intel BootGuard impacted by attack​


On Friday, Alex Matrosov, the CEO of firmware supply chain security platform Binarly, warned that the leaked source code contains the image signing private keys for 57 MSI products and Intel BootGuard private keys for 166 products.

"We are aware of these reports and actively investigating," Intel told BleepingComputer in response to our questions about the leak.

Binarly warned that this leak of keys impacts many different brands, including Intel, Lenovo, Supermicro, and more. To make matters worse, Matrosov said that this leak may have caused Intel BootGuard not to be effective on MSI devices using "11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake" CPUs.
Click to expand...
"We have evidence the whole Intel ecosystem is impacted by this MSI data breach. It's a direct threat to MSI customers and unfortunately not only to them," Matrosov told BleepingComputer Friday afternoon.

"The signing keys for fw image allow an attacker to craft malicious firmware updates and it can be delivered through a normal bios update process with MSI update tools."
Click to expand...

"The Intel BootGuard keys leak impacts the whole ecosystem (not only MSI) and makes this security feature useless."
Intel BootGuard is a security feature built into modern Intel hardware designed to prevent the loading of malicious firmware, known as UEFI bootkits. It is a critical feature used to meet Windows UEFI Secure Boot requirements.

This is because malicious firmware loads before the operating system, allowing it to hide its activities from the kernel and security software, persist even after an operating system is reinstalled, and help install malware on compromised devices.

To protect against malicious firmware, Intel BootGuard will verify if a firmware image is signed using a legitimate private signing key using an embedded public key built into the Intel hardware.
Click to expand...
www.bleepingcomputer.com

Intel investigating leak of Intel Boot Guard private keys after MSI breach

Intel is investigating the leak of alleged private keys used by the Intel BootGuard security feature, potentially impacting its ability to block the installation of malicious UEFI firmware on MSI devices.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Wow
  • Like
  • +Reputation
Reactions: Andy Ful, upnorth, RansomwareRemediation and 7 others
I

Ink

Administrator
Verified
Jan 8, 2011
22,490
Now compromised.
Boot Guard technology is a part of boot integrity protection technology. Boot Guard can help protect the platform boot integrity by preventing the execution of unauthorized boot blocks. With Boot Guard, platform manufacturers can create boot policies such that invocation of an unauthorized (or untrusted) boot block will trigger the platform protection per the manufacturer's defined policy.

With verification based in the hardware, Boot Guard extends the trust boundary of the platform boot process down to the hardware level.

Boot Guard accomplishes this by:
  • Providing of hardware-based Static Root of Trust for Measurement (S-RTM) and the Root of Trust for Verification (RTV) using Intel architectural components.
  • Providing of architectural definition for platform manufacturer Boot Policy.
  • Enforcing manufacturer provided Boot Policy using Intel architectural components.
Benefits of this protection are that Boot Guard can help maintain platform integrity by preventing re-purposing of the manufacturer’s hardware to run an unauthorized software stack.
Click to expand...

Boot Guard Technology - 001 - ID:655258 | 12th Generation Intel® Core™ Processors Datasheet, Volume 1 of 2

edc.intel.com edc.intel.com
 
  • Like
  • Wow
Reactions: plat, upnorth, Gandalf_The_Grey and 1 other person
vtqhtr413

vtqhtr413

Level 27
Well-known
Aug 17, 2017
1,609
“Intel is aware of these reports and actively investigating. There have been researcher claims that private signing keys are included in the data, including MSI OEM Signing Keys for Intel BootGuard. It should be noted that Intel BootGuard OEM keys are generated by the system manufacturer, and these are not Intel signing keys," a spokesperson at Intel said in a statement to Bleeping Computer.
Click to expand...
www.ghacks.net

Data breach alert: Intel confronts massive security incident - gHacks Tech News

The MSI cyberattack in March has also affected other firms, including Intel. Here are the details about the Intel data breach.
www.ghacks.net
 
Last edited:
  • +Reputation
  • Wow
Reactions: Gandalf_The_Grey and plat
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
New Money Message ransomware demands million dollar ransoms
Replies
0
Views
1,073
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
P
    • +Reputation
    • Like
Johnson Controls Hit With "Massive" Ransomware Attack and Data Exfiltration
Replies
0
Views
1,567
News Archive
plat
P
Gandalf_The_Grey
    • Like
    • +Reputation
Security News Internet Archive hacked, data breach impacts 31 million users
Replies
1
Views
2,437
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top