Money Message Ransomware Group Apparently Behind MSI Breach

[GFreeman]

It appears that MSI's data breach is more significant than originally thought and according to recent information, a new ransomware group known as "Money Message" was behind the attack, stealing databases and source code from MSI's network.

According to a report over from the BleepingComputer, Money Message claims to have stolen 1.5 TB of data from MSI's systems, including CTMS and ERP databases, software source code, private keys, and BIOS firmware. Money Message is threatening to publish these allegedly stolen documents and asking a ransom payment of $4 million. MSI has already warned its customers about the cyberattack, has started the "relevant defense mechanisms," and has been gradually restoring its systems back to normal operations.



View at TechPowerUp Main Site | Source

 

[Shrek]

We are annoyed that Microsoft expect us to upgrade to more secure PCs for Windows 11 (at least I am),
but one can see the need.

 

[dgianstefani]

We are annoyed that Microsoft expect us to upgrade to more secure PCs for Windows 11 (at least I am),
but one can see the need.

It's almost never the PC and almost always the user.

 

[BSim500]

We are annoyed that Microsoft expect us to upgrade to more secure PCs for Windows 11 (at least I am), but one can see the need.

It's not consumer Windows 7, 8, 10, 11, etc, where these hacks succeed though, it's always Windows Server, and adding all the TPM in the world to average Joe's PC's (where the data isn't even stored) wouldn't have done a single thing to stop this or any other corporate mega-breach. As with most Microsoft 'security', the things they make the most noise over in the press (TPM, Secure Boot, ultra-fringe Spectre / Meltdown vectors) is usually "feel-good window dressing" whilst the stuff that matters in the real-world (phishing, social engineering, the multitude of authorised back-door services enabled by default, eg, Remote Registry, Remote Management, a Windows firewall that defaults to allowing anything and everything to make unrestricted outgoing connections, etc) is exactly the stuff that Windows does little to nothing to stop.

 

[bobbybluz]

It's almost never the PC and almost always the user.

Computers continue to become more "intelligent", humans never do.

 

[Aretak]

We are annoyed that Microsoft expect us to upgrade to more secure PCs for Windows 11 (at least I am),
but one can see the need.

A breach of MSI's servers has nothing to do with consumer PCs or Windows 11. Equally, when it comes to the fallout from it, nothing is going to save you if you willingly flash a compromised UEFI image to your motherboard, for example. Not to mention that Microsoft can't be trusted with security in the first place. Malware has made it through their review process and been signed by them on numerous occasions.

 

[lexluthermiester]

We are annoyed that Microsoft expect us to upgrade to more secure PCs for Windows 11 (at least I am),
but one can see the need.

If you're going to comment on something, make sure it is contextually accurate. MSI's breach has NOTHING to do with Windows 11. At all. On any level. This has to do with a SERVER level intrusion, not a desktop level intrusion.

And even if your comment was contextually proper, you'd still be incorrect. Software security and hardware security are two separate things that CAN be interconnected, but don't NEED to be interconnected. The push for new hardware is all about coding laziness(on the part of microsoft) and computer sales. Nothing more.

Not to mention that Microsoft can't be trusted with security in the first place.

This! And partly because of...

Malware has made it through their review process and been signed by them on numerous occasions.

...this!

it's always Windows Server

MSI's servers are unlikely to be Windows Server based. But even if they are, 99% of all breaches are due to some form of incorrectly configured security settings along with a measure of social engineering. It's almost never a purely technological exploit.

 

[Klemc]

The hacker says he will reveal all what has been stolen on internet in five days, but if he has source code... why would he erase all that 'precious' data even if he gets payed ?

 

[Yraggul666]

The hacker says he will reveal all what has been stolen on internet in five days, but if he has source code... why would he erase all that 'precious' data even if he gets payed ?

Because they want to be paid the next time they breach someone else.

 

[Klemc]

Because they want to be paid the next time they breach someone else.

But, who will know they gave/sold/kept data to anybody ?.. to be double payed.

 

[bobbybluz]

From all I've read from various sources it appears that human error is 100% to blame in this instance. I'm on my phone at the moment so I can't post the links. No hardware or software could have prevented this breach; a MSI employee opening a malicious PDF file is the main suspected cause.

 

[Yraggul666]

Well if they do they guarantee nobody in The Scene will ever be paid again.
Companies are reluctant to pay groups anyway, sort of like a "not negociating with terrorits"policy
so double playing would not help anyone.

 

[trsttte]

The hacker says he will reveal all what has been stolen on internet in five days, but if he has source code... why would he erase all that 'precious' data even if he gets payed ?

That's why paying is never worth it, at least long term. Better bite the bullet now and start working on mitigation.

If you give a mouse a cookie, he's going to ask for a glass of milk

 

[lexluthermiester]

From all I've read from various sources it appears that human error is 100% to blame in this instance. I'm on my phone at the moment so I can't post the links. No hardware or software could have prevented this breach; a MSI employee opening a malicious PDF file is the main suspected cause.

And that is social engineering at work.

 

[trsttte]

From all I've read from various sources it appears that human error is 100% to blame in this instance. I'm on my phone at the moment so I can't post the links. No hardware or software could have prevented this breach; a MSI employee opening a malicious PDF file is the main suspected cause.

I mean, yes, but also what are email scanners doing? That vulnerability has been explored for a while (it even took down the LinusTechTips youtube channel recently), how are email scanners still looking at this files and not triggering all kinds of red flags?

 

[R-T-B]

it's always Windows Server,

lolno. These were almost certainly *nix boxes on the server end. Windows server market share is pretty abysmal.

I mean, yes, but also what are email scanners doing? That vulnerability has been explored for a while (it even took down the LinusTechTips youtube channel recently), how are email scanners still looking at this files and not triggering all kinds of red flags?

You are probably looking at a a.) a new pdf vulnerability that they don't know about yet (god there are so many) or b.) human incompetence (no AV scanner).

 

[Icon Charlie]

Never give your information to anyone willingly. This is a perfect example of why you do NOT register your components. Because I already know first hand by way of association of friends, who worked in the security industry that this sh!t is a lot more common than being reported. All of your information that you give to a corporation will be hacked.

Because eventually they WILL cut corners. And IT is one of the places they WILL cut.

 

[lexluthermiester]

Never give your information to anyone willingly.

THIS!!

 

[bobbybluz]

Never give your information to anyone willingly. This is a perfect example of why you do NOT register your components. Because I already know first hand by way of association of friends, who worked in the security industry that this sh!t is a lot more common than being reported. All of your information that you give to a corporation will be hacked.

Because eventually they WILL cut corners. And IT is one of the places they WILL cut.

That's what "burner" accounts are for. I never give out real information when registering products. I do make sure I can warranty them as gifts though and even then through other burner accounts. My real e-mail gets no spam, my burner accounts are flooded with it. Every few months I delete everything in them to keep the accounts active. I also use a VPN at all times along with a hardware firewall I built years ago.

 

[Icon Charlie]

That's what "burner" accounts are for. I never give out real information when registering products. I do make sure I can warranty them as gifts though and even then through other burner accounts. My real e-mail gets no spam, my burner accounts are flooded with it. Every few months I delete everything in them to keep the accounts active. I also use a VPN at all times along with a hardware firewall I built years ago.

The average gerbil does not know anything about "Burner" accounts. If they did, this type of theft that is in the hundreds of billions of dollars per year would be downgraded.

And regardless of all of the VPN's and Fire walls and what not (though it does help a great deal)...

The best way to keep your information is to not have it online at all. Secondly back everything in a regular manner.

Again CLOSED SYSTEMS for your important things. This is why I still use snail mail for payment of important things.

In my case as I do backups up my system, If I get tagged with ransomware, I just hot swap it out with a HD+OS that has my back up (once a week) and frag the infected drive to oblivion.

Again as state before my rig has the ICY DOCK system. So 6 different OS are on my rig at the moment.

I'm also playing around with Zorin Linux and Gnome Box for virtualization as Linux has less issues than Windows.

The lesson is to not willingly give out your personal information to anyone and make it harder for thieves to get your info so they can to make your life miserable.




I maybe Old...
I maybe Cranky...
But Grandpa Charlie...
Does not sing The Blues...

 

[claes]

Idk, burner accounts are actually a built in feature on Apple devices. Not sure why it’s not more ubiquitous on other platforms, or how many Apple users actually use it, but it ought to be a standard feature in web browsers.