News Posts matching #Ransom


Money Message Ransomware Group Uploads Stolen MSI Data to Dark Web

MSI suffered a massive data breach at the start of April and the Taiwanese electronics company promptly alerted its customers about the cyberattack on its "information systems." A few days later it emerged that a relatively young ransomware group "Money Message" was behind the hacking effort - these cybercriminals stated that they had infiltrated MSI's internal network. Gang members proceeded to acquire sensitive company files, database information and source code. At the time, Money Message demanded that MSI pay them a ransom of $4 million, with the added threat of stolen data getting leaked to the general public on the internet (in the event of MSI failing to pay up).

Money Message claimed this week that MSI has refused to meet its demands. As a result, an upload of the stolen data began on Thursday, with files first appearing on the group's own website and spreading to the dark web soon after. Binarly, a cybersecurity firm, has since analyzed the leaked files and found a large number of private code signing keys within the breached data dump. Alex Matrosov, Binarly's CEO, states via Twitter: "Recently, MSI USA announced a significant data breach. The data has now been made public, revealing a vast number of private keys that could affect numerous devices. FW Image Signing Keys: 57 products (and) Intel Boot Guard BPM/KM Keys: 166 products." Binarly has published a list of affected MSI devices (gaming laptops and mobile workstations) on its GitHub page.

Cigent Protects SSD Data from Ransomware Attacks Using AI Technology

Cigent Technology, a company specializing in data security, has unveiled its unique Cigent Secure SSD+ drives. In contrast to the earlier Secure SSD series, the SSD+ incorporates a cutting-edge AI microprocessor that leverages machine learning (ML) to combat ransomware attacks and protect drive data. The Cigent Secure SSD+ emphasizes a proactive approach, integrating attack prevention within the storage. Its AI microprocessor applies ML algorithms to monitor SSD activity, mitigating ransomware threats. Users can customize detection sensitivity to reduce false positives. Working with Cigent Data Defense software, the Secure SSD+ provides several protective layers upon detecting potential attacks. It can initiate a "Shields Up" mode, demanding multi-factor authentication (MFA) for accessing secure files. The software can also auto-secure drive data or set read-only mode, preventing unauthorized access or modifications.

When an attack is detected, the software notifies security personnel so they can activate "Shields Up" on other Cigent-protected systems on the network. The Cigent Secure SSD+ logs data access, allowing a review of all activity performed on the drive. The company has also introduced safeguards to deter bad actors from disabling its security features. However, the Cigent Secure SSD+ has limitations. To perform as intended, the drive must be installed as the system's primary storage, and for now only Windows is supported. We expect support to expand to Linux once the software is enabled for it. Also, the ML algorithms used have not been disclosed, which leaves their effectiveness an open question. As for exact specifications, pricing, and availability, we have no data yet, but don't expect it to come cheap: the regular Secure SSD can cost over 1,000 USD for a 1 TB option. Additionally, Cigent has confirmed that these SSDs come in a standard M.2 2280 form factor, and that the design is double-sided, so some ultra-thin laptops may not be able to accommodate it. Cigent offers a pre-order option on its website, where you need to fill out a form.

Western Digital My Cloud Service Hacked, Customer Data Under Ransom

Western Digital has declared that its My Cloud online service has been compromised by a group of hackers late last month: "On March 26, 2023, Western Digital identified a network security incident involving Western Digital's systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the Company's systems. Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts. This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities."

The statement, issued on April 4, continues: "The Company is implementing proactive measures to secure its business operations including taking systems and services offline and will continue taking additional steps as appropriate. As part of its remediation efforts, Western Digital is actively working to restore impacted infrastructure and services. Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data. While Western Digital is focused on remediating this security incident, it has caused and may continue to cause disruption to parts of the Company's business operations."

Money Message Ransomware Group Apparently Behind MSI Breach

It appears that MSI's data breach is more significant than originally thought. According to recent information, a new ransomware group known as "Money Message" was behind the attack, stealing databases and source code from MSI's network.

According to a report from BleepingComputer, Money Message claims to have stolen 1.5 TB of data from MSI's systems, including CTMS and ERP databases, software source code, private keys, and BIOS firmware. Money Message is threatening to publish these allegedly stolen documents and is demanding a ransom payment of $4 million. MSI has already warned its customers about the cyberattack, has activated the "relevant defense mechanisms," and has been gradually restoring its systems to normal operation.

AMD is Investigating a Potential 450 Gb Data Breach

RansomHouse, a newly established group aimed at monetizing stolen data, claims to hold more than 450 Gb of data taken from AMD. The RansomHouse group positions itself as a middleman, making sure that hackers and victims negotiate so that the funds reach the hackers and the data returns to the victims. The leaked AMD data is claimed to contain network files, system information, and AMD passwords. This could be a very dangerous data breach, as internal company passwords are used to access confidential files and personal information. The group states that it holds 450 Gb, or gigabits, of data, which translates to 56.25 GB, or gigabytes, of stolen data. We are not yet sure whether the Gb notation is a misspelling of GB. It is claimed that AMD's poor security practices, such as using "password" as a password, led to the data breach, and that no special ransomware software was used.

Tom's Hardware reached out to AMD for a statement and got the following response from an AMD representative: "AMD is aware of a bad actor claiming to be in possession of stolen data from AMD. An investigation is currently underway."

SonicWall Threat Intelligence Confirms Alarming Surge in Ransomware, Malicious Cyberattacks as Threats Double in 2021

SonicWall, the publisher of the world's most quoted ransomware threat intelligence, today released the 2022 SonicWall Cyber Threat Report. The bi-annual report details a sustained meteoric rise in ransomware, with 623.3 million attacks globally. Nearly all monitored threats, cyberattacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware and cryptojacking. "Cyberattacks become more attractive and potentially more disastrous as dependence on information technology increases," said SonicWall President and CEO Bill Conner. "Securing information in a boundless world is a near impossible and thankless job, especially as the boundaries of organizations are ever-expanding to limitless endpoints and networks."

SonicWall Capture Labs threat researchers tracked the dramatic rise in ransomware, recording 318.6 million more ransomware attacks than in 2020, a 105% increase. Ransomware volume has risen 232% since 2019. High-profile ransomware attacks impacted businesses, state and federal governments, schools, hospitals and even individuals. Attacks hit supply chains, causing widespread system downtime, economic loss and reputational damage. Following global trends, all industries faced large increases in ransomware volume, including government (+1,885%), healthcare (+755%), education (+152%) and retail (+21%).

GIGABYTE, AMD & Intel Confidential Documents Published Online

You might remember our recent post about the major GIGABYTE hack by the RansomEXX group, in which the attackers stole 112 GB of data, including confidential technical documents from Intel and AMD in addition to various GIGABYTE files. The attack occurred the week of August 2 and resulted in the temporary closure of GIGABYTE's headquarters. It would appear that GIGABYTE did not reach an agreement with the attackers, as the first 7 GB of these documents have now been published online. The files were uploaded to RansomEXX's public website and include confidential AMD documents along with the source code for the Intel Manageability Commander. These documents have already confirmed details of AMD's upcoming Ryzen Threadripper 5000 lineup and Socket AM5 cooler compatibility. We expect the hackers to continue publishing the stolen data unless an agreement is reached with GIGABYTE.

Acer Reportedly Hit By $50 Million Ransomware Attack

Acer has reportedly been hit with a REvil ransomware attack covering financial spreadsheets, bank balances, and bank communications. The actors are demanding a 50 million USD ransom, one of the highest amounts ever demanded in a breach of this type. Acer has not confirmed the report, stating instead that it "reported recent abnormal situations" to the relevant authorities. Communication between REvil and Acer began on March 14th, with the attackers demanding payment in XMR cryptocurrency via a Tor website in return for the decryptor, a vulnerability report, and the deletion of the stolen files. The cause of the attack appears to be a vulnerability in Microsoft Exchange for which a patch is now available but which Acer had not applied. The group is demanding payment before March 28th, or the price will double to 100 million USD.

Cybersecurity in 2019: Ransomware up 41% in the US Alone, Average Decryption Price in December 2019 set at $190,946

A report via the New York Times paints an increasingly challenging picture for security specialists, technology users and businesses. Security firm Emsisoft reported a 41% increase in ransomware attacks in the US in 2019 compared to the previous year (up to 205,280 distinct attacks). The advent of cryptocurrencies with built-in anonymity, such as Monero, has made them the favored extortion method employed by wrongdoers, shielding them from the usual checks and balances of the banking system. With increasingly complex tools in the hands of hackers, plus the first-strike advantage that new attacks enjoy, ransomware is becoming harder and harder to battle. According to the New York Times, citing security firm Coveware, the average payment for file decryption rose to $84,116 in Q4 2019, double what it was in Q3. And in the last month of the year, the average decryption payment jumped more than twofold to $190,946.

Weekend Reading 101: On Ransomware's Chains and Carbon Black's Report

Carbon Black, a cybersecurity company founded by former members of the U.S. government's elite team of offensive security hackers, has released a report detailing the continued rise of ransomware's impact, which served as the fire-starter for this piece. Carbon Black's Threat Analysis Unit (TAU) has found that ransomware is an increasingly prolific economic entity, bolstered by a 2,502% increase in sales on the dark web. As with every activity, legal or illegal, the economic footprint follows profit; and in ransomware's case, it is estimated to have yielded around $1 billion this year alone. Ransomware even has the advantage of not requiring specialized computer skills, and can be quickly and brainlessly deployed in search of a quick buck.

Carbon Black reports that there are currently more than 6,300 ransomware marketplaces on the dark web, with over 45,000 different product listings, which range in price from $0.5 to $3K (the median price for a DIY ransomware package stands at roughly $10.5). Ransomware sellers are taking advantage of this burgeoning "quick buck at anyone's expense" reasoning: some ransomware sellers are earning more than six figures yearly, sometimes more than legitimate software companies. It's no surprise, however, that the report points to technologies such as Bitcoin and the Tor network as two of the most important enablers of this ransomware explosion, besides making it much more difficult for law enforcement agencies to, well, enforce the law against the perpetrators.
To our Forum Dwellers: this piece is marked as an Editorial

Where's My Bitcoin? "Cerber" Ransomware Starts Stealing Cryptocurrency Wallets

"Where's my Bitcoin?" is a question no miner, investor or mere user of cryptocurrency ever wants to have to ask. There's always someone willing to take advantage of someone else's hard work or exposure to risk in order to increase their own wealth; and if there's one thing years of cyber security have taught us, it's that hackers seldom lag in picking up new sources of undeserved revenue. So it was only a matter of time before general-purpose ransomware started seeing updates to take advantage of the newer trends in valuable assets. Enter cryptocurrency. You can probably guess the rest of this piece.

The new, updated Cerber ransomware routine not only encrypts a user's files, it also looks for specific, known Bitcoin wallet applications (namely, as of the time of writing, Bitcoin Core, Electrum, and Multibit), copies their wallet files to an external server controlled by the hackers, and then deletes them from the user's PC. Naturally, Cerber also has a routine that copies the passwords stored in your browser of choice. The wallet stealing and copying isn't much of a concern per se; any given wallet has additional security measures in place before the hackers can access their potential treasure trove of cryptocurrency. However, many people also keep files containing passwords and the like on their computers, and do themselves a disservice by not keeping another copy of their wallet on a secure, non-internet-connected hardware wallet, or even a USB stick. Naturally, a user who kept the password for their wallet on their system is exposed to the full "ransomware" portion of the Cerber malware; and someone who has no other copy of their wallet but keeps an ungodly amount of value in it could very well lose the entire contents of that wallet. Definitely not a good place to be.

Petya/NotPetya: The Ransomware That Wasn't Actually Looking to Ransom Anything

You've heard of the Petya ransomware by now. The surge, which had hit around 64 countries by June 27th, infected an estimated 12,500 computers in Ukraine alone, hitting several pieces of critical infrastructure in the country (which just goes to show how vulnerable our connected systems really are). The hardest-hit country was indeed Ukraine, but the wave expanded to the Russian Federation, Poland, and eventually hit the USA (the joys of globalization, eh?). But now some interesting details on the purported ransomware attack have come to light, which cast some mystery over the entire endeavor. Could it be that Petya (also being referred to as NotPetya/SortaPetya/Petna, for your reference, since it mostly masquerades as that well-known ransomware) wasn't really a ransomware attack at all?

Several Critical Ukrainian Targets Hit by "Petya" Ransomware, Fear of Outbreak

After last month's WannaCry outbreak (whose effects persisted as recently as last week), we now have a new variant of ransomware infecting PCs across Europe. The outbreak seems centered in Ukraine, where several government facilities and critical pieces of infrastructure have been shut down due to the attacks. The Ukrainian government seemed almost defiantly optimistic, posting this decidedly awesome response to Twitter during the attack.

South Korean Company Nayana to Pay $1 million in Bitcoin After Ransomware Attack

Ransomware has been attracting an increasing amount of interest in the tech world, motivated not only by the increase in the number and severity of attacks, but also by the fact that some companies do elect to pay the demands. In this case, Nayana, a South Korean web hosting provider, announced that it is in the process of paying a three-tier ransom demand of nearly $1 million worth of Bitcoin. This decision follows a ransomware infection that encrypted data on customers' servers. The company said 153 Linux servers were affected, servers which stored the information of more than 3,400 customers.

The attackers initially asked for a ransom payment of 550 Bitcoin, which was worth nearly $1.62 million at the time of the request. After negotiation, the final amount came to 397.6 Bitcoin, roughly $1 million at the time (Bitcoin is currently at $2744.56, so right now those 397.6 Bitcoin are worth roughly $1.1 million). The company has already paid two of the three payment tranches, and expects the decryption operation to take up to ten days due to the vast amount of encrypted data. If the data is released at all, that is, which can't really be counted upon, now can it?

CD Projekt Red: We Will Not Give In to the Demands of Thieves

CD Projekt Red is the world-renowned studio responsible for the RPG masterpiece The Witcher 3: Wild Hunt and the two lesser-known, but still great, Witcher RPGs before it. The company is one of the most gamer-oriented, generous game developers out there today, bar none. I say this because this is a company that made some missteps before, but quickly backed out of them, and that has created one of the most memorable and successful open worlds to date. This is the studio that offered not only a soundtrack CD with the standard edition of the game, alongside a full-color map of the game world, but also went to the lengths of including a small letter thanking us for choosing their game over others. These developers offered 16 pieces of DLC with their game, DLC that other studios had been (and have been) charging customers for.

The company described above has come forward in a tweet, publicly calling out an attempt by thieves to ransom stolen development files for the studio's upcoming sci-fi RPG Cyberpunk 2077. CD Projekt Red said that it will not give in to the demands of the individuals who contacted it, and acknowledged that the public release of those files is likely to happen as a result. The studio also goes on to say that these files (if they even become public now that their value has been thoroughly cut down) are "largely unrepresentative of the current vision for the game." I don't know about you, but I'd much prefer to get information on CD Projekt Red's next project from the studio itself.

P.S.: This editor is sorry for the above post looking eerily similar to a rant. I just have a low tolerance for this kind of behavior from any party, but most of all when the targeted party is actually one of the studios that is more deserving of gamers' respect.

Apr 25th, 2024 06:30 EDT