MSI urges caution when downloading BIOS and firmware updates following cyberattack and rumors of $4 million ransom demand

Computer maker MSI has confirmed that it fell victim to a security breach, confirming rumors that sprang up in recent days. The Taiwanese company says that it "suffered a cyberattack on part of its information systems", and has warned customers to exercise caution when downloading BIOS and firmware updates for its products.

Although MSI has shared little in the way of detail about the incident, the confirmation comes after the ransomware group Money Message was said to have breached the company's defenses. The group has made demands for $4 million with the threats of leaking stolen files.

See also:

• Microsoft advises some Windows 10 users of impending automatic update ahead of end of service
• Microsoft's Windows 12 plans revealed
• Microsoft is about to make a crazy change to Windows 11 that will draw the ire of users

The news was first reported by PC Mag who noticed that a filing made by MSI with Taiwan's Stock Exchange (TWSE) included references to the security incident. The company said that it had "reported the anomaly to the relevant government authorities".

As news of the security breach spread, MSI then issued a pubic confirmation of the attack.

The full statement from the company reads:

MSI recently suffered a cyberattack on part of its information systems. Upon detecting network anomalies, the information department promptly activated relevant defense mechanisms and carried out recovery measures, and reported the incident to government law enforcement agencies and cybersecurity units. Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business.

MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website.

MSI is committed to protecting the data security and privacy of consumers, employees, and partners, and will continue to strengthen its cybersecurity architecture and management to maintain business continuity and network security in the future.

The Money Message group claims to have stolen over 1.5TB of data according to information seen by Bleeping Computer, and this could be leaked in the coming days if MSI fails to pay the ransom.

Image credit: [email protected] / depositphotos