M: YES is a well-known technology company that designs and manufactures laptops, tablets, and many components such as graphics cards, motherboards, etc. It has recently suffered a significant security attack and that endangers everyone who has a device of this brand. They have issued a notice to everyone, as they fear that they will make a mistake and spread viruses to whoever has a PC of this brand. We tell you what the attack consists of and what you should do.
MSI company suffers a ransomware attack
It’s about a ransomware attack carried out by Money Message. It is a threat in which attackers hijack data, lock files, or threaten to spread certain information. In exchange for this not happening, cybercriminals ask for a financial ransom. When it happens in renowned companies, as is the case with MSI, the amount can be very large. In addition, in many cases even the fact of paying is useless.
What the group of cybercriminals behind this ransomware attack has done is ask 4 million dollars or threaten to spread everything stolen. This data, it seems, also includes the source code of the company. That is exactly what makes it a great danger for customers who have a computer or components of this brand.
Why is it a danger? An attacker could use that source code to sneak in viruses via fake updates. Therefore, from MSI they alert their customers that they should not install any firmware or BIOS updates from third-party sources. That is, you should only install these updates from the official website and never from other pages that may contain false files.
MSI is concerned that modified firmware versions may start circulating on the network. If a hacker has access to the source code, they could sneak in fake versions of the BIOS firmware and affect users.
The actual impact is unknown.
From Money Message, the cybercriminal group behind this attack, they threaten to disclose all stolen data in a few days. For now, they have already contacted the company through messages and sending screenshots of everything they have stolen to apply pressure and achieve their economic objective.
It is unknown if it could have directly affected user data. It does seem clear that they have stolen sensitive data from the company and have enough information to put the brand in serious trouble. From MSI they assure that they are working to reinforce their security and prevent all this from reaching more.
If you have an MSI computer or any component of this brand, our advice is to install updates only from official sources. Beware of any page where you see a supposed update or any file that may actually be a fraud. This would endanger the security of your computer, your passwords and personal data. There are always risks when downloading files from the Internet, but it especially happens when we do it outside of official sites.
In short, MSI has been the victim of a ransomware attack. It seems that they have even been able to steal the source code of the company and that means that they can create false update files to attack. If you use something from this brand, it is essential that you exercise caution and do not make mistakes.