top of page

MSI falls victim to double extortion ransomware attack, Boot Guard keys leaked

In a recent tweet, Alex Matrosov, founder and CEO of firmware security firm Binarly, announced that the private code signing keys of Taiwanese PC maker MSI have been leaked on a dark website. This comes as a result of a ransomware attack that MSI faced last month. The leaked keys are associated with 57 PCs and private signing keys for Intel Boot Guard used on 116 MSI products. According to Matrosov, the Boot Guard keys from MSI are believed to impact several device vendors, including Intel, Lenovo and Supermicro. Intel Boot Guard is a hardware-based security technology that's designed to protect computers against executing tampered UEFI firmware. In response to the attack, MSI released a statement urging users to only obtain firmware/BIOS updates from its official website. The statement also said that the affected systems have gradually resumed normal operations and that there is no significant impact on the company's financial business. This news is concerning for a number of reasons. First and foremost, it highlights the vulnerability of code signing keys. Code signing keys are used to verify the authenticity of code and ensure that it has not been tampered with. If these keys fall into the wrong hands, it could allow malicious actors to sign code that appears to be from a trusted source. This could lead to all sorts of problems, ranging from data breaches to the distribution of malware. It's also worth noting that this is not the first time that code signing keys have been leaked as a result of a ransomware attack. In 2017, a similar incident occurred when a ransomware gang known as Petya leaked the private code signing key of Ukrainian software firm MeDoc. This ultimately led to the spread of the NotPetya malware, which caused billions of dollars in damage. As ransomware attacks become more and more common, it's important for companies to take steps to protect their code signing keys. This includes keeping them safe and ensuring that they are not used for any other purpose. It's also important to have a plan in place in case of an attack. This should include having backups of all important data and having a way to quickly restore systems in the event that they are compromised.


bottom of page