Money Message Ransomware

Cyble Research and Intelligence Labs (CRIL) discovered a new ransomware group called Money Message. The ransomware targets both Windows and Linux operating systems and can encrypt network shares. Experts believe that the threat actors may use stealer logs in their operations.

Since it was first observed in March 2023, more than five victims have been publicly identified as impacted by Money Message, the majority of them in the United States.


Industries represented by the victims include BFSI, transportation and logistics, and professional services.

Specifics of the New Money Message Ransomware Attacks

The gang uses a double extortion method, exfiltrating the victim's data before encrypting it. If the ransom is not paid, the group publishes the data on its leak site.

The Money Message ransomware uses the Elliptic Curve Diffie-Hellman (ECDH) key exchange and the ChaCha stream cipher to encrypt data on a victim's computer, then demands a ransom for its release.

Researchers stated that, like other ransomware groups, this ransomware does not rename files after encryption.

[Figure 11: Encrypted file]

“This ransomware fetches the base64 encoded ransom note from the configuration and then decodes it. It creates a file named money_message.log for writing the ransom note. This note contains the instructions given by the TA”, explain CRIL researchers.

Once the ransomware has gained access to the network using administrator credentials, it begins encrypting files on the network shares.

“Money Message is capable of encrypting network shares, and its approach to target network shares resembles that of the Maze and Petya ransomware,” the researchers noted.
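As an added defender-side example (not from the Cyble report or this article), the script below turns two observations above into a share triage check: the ransom note is written as money_message.log, and encrypted files keep their original names, so extension-based detection fails. It instead compares each file's header against the magic bytes its extension promises and measures byte entropy; the share contents and the magic table are constructed for the example.

```python
import math
import os
from collections import Counter

# Ransom note filename reported for Money Message.
RANSOM_NOTE = "money_message.log"

# Expected leading bytes for a few common file types (constructed lookup).
MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
}

# Constructed snapshot of a share: path -> leading bytes of the file.
SAMPLE_SHARE = {
    "//share/finance/money_message.log": b"constructed ransom note text",
    "//share/finance/q1_report.pdf": bytes(range(256)) * 16,   # uniform bytes, no PDF header
    "//share/finance/notes.txt": b"meeting notes " * 50,        # plaintext, no magic expected
    "//share/finance/archive.zip": b"PK\x03\x04" + bytes(range(256)) * 4,  # high entropy but valid header
    "//share/finance/budget.pdf": b"%PDF-1.7\n" + b"plain content " * 50,
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; ciphertext sits close to 8.0, prose well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name: str, data: bytes, threshold: float = 7.5) -> bool:
    """Flag a file whose extension promises a known header but whose content
    lacks that header and has ciphertext-like entropy. Compressed formats
    keep their header, so they are not flagged by entropy alone."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    header_mismatch = magic is not None and not data.startswith(magic)
    return header_mismatch and shannon_entropy(data[:4096]) > threshold

def triage_share(files: dict) -> dict:
    """Return ransom notes and suspected encrypted files for analyst review."""
    findings = {"ransom_notes": [], "suspect_files": []}
    for path, data in files.items():
        if os.path.basename(path).lower() == RANSOM_NOTE:
            findings["ransom_notes"].append(path)
        elif looks_encrypted(path, data):
            findings["suspect_files"].append(path)
    return findings

if __name__ == "__main__":
    print(triage_share(SAMPLE_SHARE))
```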

Necessary Precautions to Prevent Ransomware Attacks

  • Maintain consistent backup procedures and store those backups offline or on a different network.
  • Wherever possible, enable automatic software updates on your devices.
  • Use a reputable anti-virus and Internet security software package on your connected devices, such as your PC, laptop, and mobile.
  • Avoid clicking suspicious links and opening email attachments without checking their legitimacy.


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.