A new ransomware gang named ‘Money Message’ has appeared, targeting victims worldwide and demanding million-dollar ransoms in exchange for not leaking stolen data and for releasing a decryptor.
The new ransomware was first reported by a victim on the BleepingComputer forums on March 28, 2023, with Zscaler’s ThreatLabz soon after sharing information on Twitter.
Currently, the threat actor lists two victims on its extortion site, one of which is an Asian airline with annual revenue close to $1 billion. Additionally, the threat actor claims to have stolen files from the company and includes a screenshot of the accessed file system as proof of the breach.
While investigating, BleepingComputer has seen evidence of a potential Money Message breach on a well-known computer hardware vendor. However, we have not been able to independently confirm the attack with the company at this time.
How Money Message encrypts a computer
The Money Message encryptor is written in C++ and includes an embedded JSON configuration file determining how a device will be encrypted.
This configuration file specifies which folders to exclude from encryption, what extension to append, which services and processes to terminate, whether logging is enabled, and domain login names and passwords likely used to encrypt other devices.[…]
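For incident responders, the embedded configuration described above is worth recovering from a sample first, because any domain credentials it holds have to be rotated. The sketch below is an added example, not code from the article or from any vendor: it carves JSON objects out of a binary blob and flags credential-looking keys, assuming the configuration is stored unencrypted. All key names and the sample bytes are constructed.

```python
import json

# Hypothetical credential key-name fragments; the article gives no key names.
CRED_HINTS = ("user", "login", "pass", "domain")

def carve_json_objects(blob, min_keys=2):
    """Return [(offset, dict)] for each JSON object found in a binary blob."""
    text = blob.decode("latin-1")  # one char per byte, so offsets stay valid
    decoder, found, pos = json.JSONDecoder(), [], 0
    while (pos := text.find("{", pos)) != -1:
        try:
            obj, end = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            pos += 1          # a stray brace in code or data, keep scanning
            continue
        if len(obj) >= min_keys:
            found.append((pos, obj))
        pos = end             # jump past the object and its nested braces
    return found

def credential_paths(node, path=""):
    """List key paths that look like credentials, without their values."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if any(h in key.lower() for h in CRED_HINTS):
                hits.append(here)
            else:
                hits += credential_paths(value, here)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits += credential_paths(value, f"{path}[{i}]")
    return hits

def triage(blob):
    return [{"offset": off, "keys": sorted(cfg), "rotate": credential_paths(cfg)}
            for off, cfg in carve_json_objects(blob)]

# Constructed sample: every key name and value below is invented.
SAMPLE_CONFIG = {"skip_directories": ["C:\\ExampleDir"], "extension": ".example",
                 "stop_services": ["ExampleSvc"], "stop_processes": ["example.exe"],
                 "logging": False,
                 "domain_logins": [{"user": "EXAMPLE\\svc-backup", "pass": "REDACTED"}]}
SAMPLE_BLOB = (b"MZ\x90\x00{\x01junk}" + bytes(range(256))
               + json.dumps(SAMPLE_CONFIG).encode() + b"\x00\x00")
if __name__ == "__main__":
    print(triage(SAMPLE_BLOB))
```

The report lists key paths only, so credential values never reach tickets or logs; accounts named under the flagged paths should be treated as compromised.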