Money Message, a new and aggressive cybercriminal operation

April 18, 2023

The new cybercriminal threat group, Money Message, is an overly aggressive operation that demands millions of dollars from its victims as a ransom in exchange for a decryptor. This newly emerged operation is among the threat actors deploying ransomware.

Based on reports, the Money Message group has posted a couple of its victims on its data leak website. One of the confirmed victims is an Asian airline whose attackers were forced to pay more than a billion dollars as a ransom. The other victim is an undisclosed computer hardware vendor, from which the operators are also asking for millions of dollars.

The Money Message ransomware has a standard encryptor that other operations adopt for cybercriminal campaigns.

According to investigations, the developers of the Money Message ransomware coded its encryptor in C++, and it includes a JSON configuration archive that determines how a targeted device is encrypted. The ransom note contains a link redirecting a victim to a Tor negotiation website.

However, the researchers explained that the Money Message group could still encrypt targeted devices and steal data despite using an unsophisticated encryptor.

These ransomware operations suddenly emerged out of nowhere at the start of 2023. One of these entities is Dark Power, which has been active since February and has already claimed ten entities in under 30 days.

Money Message’s ongoing malicious operation targets organisations in the United States, Egypt, France, Turkey, Israel, Algeria, Peru, and the Czech Republic.

These actors have also been aggressive with their attacks, since they demand about $10,000 in XMR from targets within three days to prevent data leaks.

Ransomware attacks have attracted many actors over the past few months because they enable their operators to profit immediately. Hence, new hackers have organised their operations to target different entities. Even well-established threat actors have transitioned into ransomware campaigns to acquire more profit.

Cybersecurity experts emphasised that the Money Message ransomware operation is not a sophisticated malware threat. However, it could still steal data and extort its targets. Organisations should employ proper defences and be knowledgeable about these attacks.
