Since March, a new threat actor has begun a ransomware campaign targeting businesses from a range of industries worldwide.
The Money Message gang announced itself to the world by hacking the Hawaii Self Storage company, claiming on its dark web site that it had exfiltrated 32 gigabytes of data.
The gang has announced five more apparently successful ransomware attacks since then, the most recent being announced today (4 April).
Money Message is being uncharacteristically dramatic in its latest posting, too. The gang has posted a countdown timer ticking down to when it will reveal the target and, presumably, publish the data it has.
“One huge trust have lost gigabytes of their’s data and now playing with fire trying to hang time. Keep an eye on the stocks,” the poorly written dark web message read, “don’t lose your money”.
Presumably, the “huge trust” is not negotiating with the threat actor.
While the gang appears to have been in operation since at least 19 March, its existence only came to light on 28 March, when a victim reported an attack on the Bleeping Computer forums. Zscaler’s ThreatLabz then shared details of negotiations between Money Message and what appears to be Biman Bangladesh Airlines, which the gang said it hacked on 23 March.
In that instance, Money Message was demanding a ransom payment of US$5,000,000 in return for decrypting the company’s data.
“You can keep silence so long how you want but we are going to publication all your data,” Money Message appears to say. “Think twice how much will be bribe to the regulator.”
Three days after that, Money Message published the data, which contained the passport details of both passengers and employees, among other data.
Other victims include a UK manufacturer, a US insurance company, and a glass and metal distributor. In each case, Money Message demanded a multimillion-dollar ransom and published the exfiltrated data when that ransom wasn’t paid.
While the initial vector of infection remains unknown, Bleeping Computer reports that the encryptor is written in C++ and appears to run slower than other similar malware.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.