MSI warns against installing unofficial firmware after suffering a cyberattack
MSI confirmed that it has become the victim of a cyberattack on Friday. The company published a short statement on its official site about the incident.
In it, MSI describes that its information systems have suffered a cyberattack. MSI activated defensive countermeasures when it became aware of the attack and has carried out recovery measures. The incident was reported to local authorities and cybersecurity units as a response.
MSI notes that the systems that were affected by the cyberattack have resumed operations and that the whole incident had "no significant impact on financial business".
The notification includes a recommendation to customers. MSI asks customers of its products to only obtain firmware and BIOS updates from its official website, and not use any files related to updating MSI products from sources other than the official website.
While a manufacturer's website is often visited first when it comes to downloading updated firmware, drivers or software, it is not uncommon for these files to also be available on third-party sites, e.g., sites specialized in hardware or enthusiasts forum. Sometimes, these locations are the only places to obtain certain updates for products.
MSI is a global hardware manufacturer that is making laptops, desktop systems, servers, motherboards, graphics card, and more. The company has an annual revenue of more than $6.5 billion.
Bleeping Computer noted on Thursday that evidence of the attack was posted online by the ransomware group known as Money Message. MSI was listed by the threat actor on a website. The post included details on the obtained data and information. According to the post, Money Message managed to obtain several key databases, source codes and private keys.
The threat actor claims to have obtained 1.5 terabytes of data from MSI systems and is requesting a ransom payment of $4 million. The crew threated to release the data to the public if MSI does not pay the ransom demand.
MSI customers may access the company's official support and download website here. There, they may enter the name of the product to find all available support documents and file downloads.
Most customers may want to postpone the installation of updates until the situation becomes clearer.
Now You: do you use MSI products?
FYI Autoplay in Settings>Devices was already, and still is, off.
Windows 10 Home with auto-updates enabled.
@Martin
How can I block usb devices from auto running software stored on their chips?
We just recieved an “MSI Clutch GM20 Elite” corded usb mouse I orderd from Amazon.
When I plugged it in, software contained on the mouses hardware ran automatically and attempted to download and install “MSI Center”.
I did eventually allow the install and added the plugin to control all the LED’s on the mouse. If you don’t, it cycles through a rainbow of colors constantly. For whatever reason this RGB lighting stuff seems to be popular with children but I find it very annoying.
I had to create 5 diiferent allow rules just to setup the mouse lighting. (which I went back and changed to block after I finished) I also disabled the ‘run at startup’.
This “MSI Center” has a ton of stuff to take control of almost every aspect of ones PC. It’s pretty scary that it auto installs when someone plugs in a mouse.
We do. MSI makes high quality hardware.
I’ve always gotten MSI Afterburner, which works on most GPU not just MSI brand, from Guru 3D who has also reported this same story.