In this article, we explain what happened when MSI, a hardware manufacturer, suffered a ransomware attack that resulted in the leak of its UEFI signing keys and Intel Boot Guard keys, and we discuss the potential implications of this leak for the security of MSI devices and Intel chips.
What is UEFI and Intel Boot Guard?
UEFI stands for Unified Extensible Firmware Interface. It is a software interface that connects the firmware of a device to its operating system. UEFI replaces the legacy BIOS (Basic Input/Output System) that was used in older devices.
Intel Boot Guard is a security feature that is built into Intel chips. It is designed to prevent hackers from loading malicious firmware in the UEFI. This type of malicious firmware is known as UEFI bootkits. They can infect a device’s firmware and establish persistence even if the hard drive is replaced or the operating system is reinstalled.
To ensure that only legitimate firmware updates are installed on a device, UEFI and Intel Boot Guard use digital signatures. A digital signature is a cryptographic mechanism that verifies the authenticity and integrity of a piece of data. A digital signature scheme relies on a key pair: a public key and a private key. The private key is used to create the signature, while the public key is used to verify it.
A hardware manufacturer, such as MSI, has its own private key that it uses to sign its firmware updates. The corresponding public key is embedded in the device’s firmware and trusted by Intel Boot Guard. When a firmware update is installed, Intel Boot Guard checks the signature using the public key. If the signature is valid, the update is allowed to proceed. If the signature is invalid, the update is rejected.
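The verification chain described above, as an added example that is not part of the original post: a simplified Go model in which the platform holds only a hash of the OEM public key (a stand-in for the fused key hash; not Intel's or MSI's implementation) and accepts an update only if the shipped key matches that hash and the signature is valid. Run the test-style checks below and note the one case the check cannot catch: an image signed with the OEM's leaked private key verifies exactly like a genuine update.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
)

// Platform models the immutable root of trust: it stores only a hash of the OEM
// public key, a simplified stand-in for the key hash Boot Guard keeps in chipset fuses.
// This is a hypothetical model for the example, not Intel's or MSI's implementation.
type Platform struct {
	fusedKeyHash [32]byte
}

// keyHash is the value that gets fused: SHA-256 of the DER-encoded public key.
func keyHash(pub *ecdsa.PublicKey) [32]byte {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for a valid P-256 key
	return sha256.Sum256(der)
}

// NewOEMKey generates the OEM signing key pair (P-256 chosen for the example).
func NewOEMKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// ProvisionPlatform "burns" the OEM public-key hash at manufacturing time; from
// then on it cannot be changed, which is why a leaked private key is so hard to revoke.
func ProvisionPlatform(oemPub *ecdsa.PublicKey) Platform {
	return Platform{fusedKeyHash: keyHash(oemPub)}
}

// SignFirmware is the OEM-side step: sign the SHA-256 digest of the image.
func SignFirmware(priv *ecdsa.PrivateKey, image []byte) ([]byte, error) {
	digest := sha256.Sum256(image)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// VerifyUpdate is the platform-side step: the key shipped with the update must match
// the fused hash, and its signature must be valid over the image digest. Note what it
// cannot do: distinguish the OEM from anyone else holding the same private key.
func (p Platform) VerifyUpdate(pub *ecdsa.PublicKey, image, sig []byte) bool {
	if keyHash(pub) != p.fusedKeyHash {
		return false // a key the attacker generated is rejected
	}
	digest := sha256.Sum256(image)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}
```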
What happened to MSI – Micro Star International?
In April 2023, MSI was attacked by a ransomware group called Money Message. The attackers claimed to have stolen 1.5 terabytes of data from MSI, including source code, databases, and private encryption keys (arstechnica.com, techzine.eu). They demanded a ransom of $4 million from MSI, and when MSI refused to pay, they began leaking the stolen data on their dark web site.
Among the leaked data were two private encryption keys: one for signing MSI firmware updates and one for Intel Boot Guard (arstechnica.com). These keys allow malicious actors to create fake firmware updates that can bypass Intel Boot Guard’s verification and infect MSI devices with UEFI bootkits. The leak also affects other companies that use MSI products or components, such as Lenovo and Supermicro (arstechnica.com).
How Money Message encrypts your computer
While investigating a sample, LMNTRIX CDC observed evidence of a potential Money Message breach at an Intel hardware vendor. The Money Message encryptor is written in C/C++ and includes an embedded JSON configuration file that determines how a device will be encrypted. This configuration file specifies which files should not be encrypted, which extension should be appended, which services and processes should be terminated, whether logging is enabled, and domain login names and passwords that are likely to be used to encrypt other devices. In the sample examined by our team, the ransomware does not encrypt data in the following directories:
C:\MSOcache, C:\$Windows.~ws, C:\System Volume Information, C:\Perflogs, C:\ProgramData, C:\Program Files (x86), C:\Program Files, C:\$Windows.~bt, C:\Windows, C:\boot
When launched, the ransomware deletes Volume Shadow Copies using the following command:
cmd /c vssadmin.exe delete shadows /all /quiet
The ransomware then terminates the following processes on the target system:
sql.exe, oracle.exe, ocssd.exe, dbsnmp.exe, synctime.exe, agntsvc.exe, isqlplussvc.exe, xfssvccon.exe, mydesktopservice.exe, ocautoupds.exe, encsvc.exe, firefox.exe, tbirdconfig.exe, mdesktopqos.exe, ocomm.exe, dbeng50.exe, sqbcoreservice.exe, excel.exe, infopath.exe, msaccess.exe, mspub.exe, onenote.exe, outlook.exe, powerpnt.exe, steam.exe, thebat.exe, thunderbird.exe, visio.exe, winword.exe, wordpad.exe, vmms.exe, vmwp.exe
Next, the ransomware shuts down the following Windows services, then starts encrypting your data:
vss, sql, svc$, memtas, mepocs, sophos, veeam, backup, vmms
When encrypting files, it does not append any extension by default, but this can change depending on the victim. According to our team of security researchers, the encryptor uses ChaCha20/ECDH to encrypt files.
The only files excluded from encryption by default are listed below:
- desktop.ini
- ntuser.dat
- thumbs.db
- ntuser.ini
- ntldr
- bootfont.bin
- ntuser.dat.log
- bootsect.bak
- boot.ini
- autorun.inf
The encryption of the files by Money Message was fairly slow compared to other encryptors, as observed by LMNTRIX CDC. After encrypting the target system, the ransomware creates a ransom note named money_message.log that contains a link to a TOR negotiation site used to negotiate with the threat actors. The note also threatens that any stolen data will be published on the group's dump site if the ransom is NOT paid.
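The pre-encryption sequence described above (shadow-copy deletion, then stopping backup and security services) is what a defender can alert on. The following Go snippet is an added example, not LMNTRIX's tooling or the ransomware's code: it applies two rules to log lines in a hypothetical "PROC"/"SVCSTOP" format constructed for the example, matching the exact vssadmin command and the service-name list from this analysis.

```go
package main

import (
	"regexp"
	"strings"
)

// Service-name fragments the sample stops before encrypting (list from the analysis
// above). This example matches them as plain substrings, so "svc$" is matched as "svc".
var stoppedServiceFragments = []string{"vss", "sql", "svc$", "memtas", "mepocs", "sophos", "veeam", "backup", "vmms"}

// Shadow-copy deletion command seen in the sample, matched case-insensitively and
// tolerant of extra whitespace or a path prefix on vssadmin.exe.
var vssDeleteRe = regexp.MustCompile(`(?i)vssadmin(\.exe)?\s+delete\s+shadows\b.*/all`)

// Finding is one alert produced by Scan.
type Finding struct {
	Line, Reason string
}

// Scan applies two rules to log lines in a hypothetical format chosen for this example:
// "PROC <command line>" (process creation, as in Sysmon event 1) and "SVCSTOP <service>"
// (service entered the stopped state, as in System event 7036). Rule 1 fires on any
// shadow-copy deletion; rule 2 fires once `threshold` backup/security services have
// stopped, which is the pre-encryption sweep described above.
func Scan(lines []string, threshold int) []Finding {
	var findings []Finding
	stopped := 0
	for _, line := range lines {
		kind, rest, _ := strings.Cut(line, " ")
		switch kind {
		case "PROC":
			if vssDeleteRe.MatchString(rest) {
				findings = append(findings, Finding{line, "shadow copy deletion"})
			}
		case "SVCSTOP":
			name := strings.ToLower(rest)
			for _, frag := range stoppedServiceFragments {
				if strings.Contains(name, strings.TrimSuffix(frag, "$")) {
					stopped++
					break
				}
			}
			if stopped == threshold {
				findings = append(findings, Finding{line, "bulk stop of backup/security services"})
			}
		}
	}
	return findings
}
```

A single stopped service is noise on a busy host; the threshold is what turns the page's list into a usable signal, so tune it against your own baseline.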
What are the implications of this leak?
The leak of MSI’s UEFI signing keys and Intel Boot Guard keys poses a serious threat to the security of MSI devices and Intel chips. Hackers could use these keys to create malicious firmware updates that would compromise the devices’ firmware and potentially gain access to sensitive data, such as passwords, encryption keys, or personal information.
Moreover, these malicious firmware updates would be very hard to detect and remove. They would load before the operating system and hide their activities from both the kernel and security software (tomsguide.com). They would also persist even if the hard drive is replaced or the operating system is reinstalled.
Furthermore, there is no easy way to revoke or replace the compromised keys. MSI does not have an automated patching process or key revocation capabilities like some larger hardware makers do. This means that MSI would have to manually update each affected device with new keys and firmware. This could take a long time and leave many devices vulnerable in the meantime.
Intel is aware of these reports and is actively investigating them. However, it should be noted that Intel Boot Guard OEM keys are generated by the system manufacturer, not by Intel (tomsguide.com). Therefore, Intel may not have much control over how these keys are managed or secured by its partners.
How can you protect yourself from similar attacks?
At the moment, there is not much that users can do to protect themselves from potential threats arising from this leak. However, some general precautions that could help are:
• Avoid downloading or installing firmware updates from untrusted sources or suspicious links.
• Check the digital signature of any firmware update before installing it.
• Use antivirus software and keep it updated.
• Backup your data regularly and store it offline or on a separate device.
• Monitor your device’s performance and behavior for any signs of infection.
• Contact MSI or your device manufacturer for any guidance or support.
Conclusion
The appearance of the Money Message ransomware group presents a new threat that organisations must be aware of. Although the group's encryptor does not appear to be sophisticated, the operation is successfully stealing data and encrypting devices around the globe. LMNTRIX CDC is actively analyzing this ransomware, and updates will be provided when a decryptor is publicly available.
For further reading, refer to Intel's whitepaper, Below the OS Security.
** This is a living blog post; it may be updated in the future as new developments come up. **