Ransomware Actor, Money Message, Extorting Millions
April 4th, 2023
A new ransomware gang dubbed “Money Message” is causing global concern. The gang has targeted organizations with multimillion-dollar ransom demands, and it carries out its attacks with sophisticated methods designed to be evasive.
The emergence of this new malicious actor highlights the ongoing threat of cyberattacks and the need for more pervasive security measures. As with all attackers, the methods used will most likely evolve, but their goal remains the same – extort money!
As of now, Money Message has listed two victims on its extortion site, one of which is an Asian airline with annual revenue close to $1 billion. The group backs its claim of stolen files from the airline with screenshots of the accessed file system as proof of breach.
Acreto Solution
Acreto Ecosystem security addresses this challenge by:
- Providing a dedicated security infrastructure per application or use case. This means that only users, devices, systems and applications that need to interoperate can interconnect and have access, regardless of the type of technology, its location, network or ownership. All other technologies are automatically isolated without any additional effort.
- Implementing a positive security model, despite constantly evolving polymorphic threats. Only communications that meet the criteria for network protocol and port, application protocol, and application program are allowed. All other communications are excluded. Malware, especially ransomware, cannot emulate application programs.
Acreto Ecosystems secure any technology, on any network, anywhere. An Ecosystem provisions in 5 minutes and deploys in around 2 hours without the need for products, logistics and hard-to-find experts. Contact Acreto today for more information or to evaluate Ecosystem security for your organization.
Technical Data
Money Message uses a sophisticated method to carry out their attacks. Their encryptor is written in C++, which makes it harder to detect and trace. The encryptor also includes an embedded JSON configuration file that determines how a device will be encrypted.
This configuration file includes a range of parameters, such as which folders to block from encrypting, which extensions to append to the encrypted files, the services and processes to terminate, and whether logging should be enabled.
The configuration file also contains domain login names and passwords that are likely used to encrypt other devices on the network, making it easier to move laterally and spread the attack.
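As an added example (not Acreto's code and not taken from the malware), the sketch below shows how a responder could carve an embedded JSON configuration like the one described above out of a sample and turn it into containment actions: accounts to rotate and service or process stops to watch for. The key names, the sample bytes and the substring heuristics are constructed assumptions; the page does not publish the real configuration fields.

```python
import json

CRED_HINTS = ("login", "user")        # assumed substrings marking account fields
STOP_HINTS = ("service", "process")   # assumed substrings marking stop/kill lists

# Constructed stand-in for an encryptor binary: junk bytes around a JSON object.
# All key names and values are hypothetical; the page does not publish them.
SAMPLE = (
    b"MZ\x90\x00{\x00\xff pad {not json} \x00"
    + json.dumps({
        "skip_directories": ["C:\\Windows"],
        "services_to_stop": ["vss", "mssql"],
        "processes_to_kill": ["sqlservr.exe"],
        "logging": False,
        "domain_login": "EXAMPLE\\svc-backup",
        "domain_password": "constructed-value",
    }).encode()
    + b"\x00\x00tail"
)

def carve_configs(blob, min_keys=3):
    """Return every JSON object with at least min_keys keys found inside blob."""
    text = blob.decode("latin-1")     # 1:1 byte mapping keeps offsets stable
    decoder, found, pos = json.JSONDecoder(), [], text.find("{")
    while pos != -1:
        try:
            obj, end = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            end = pos + 1             # not JSON here, try the next brace
        else:
            if len(obj) >= min_keys:  # ignore "{}" and other tiny fragments
                found.append(obj)
        pos = text.find("{", end)
    return found

def triage(config):
    """Turn a carved config into response actions without echoing secrets."""
    report = {"rotate": [], "watch_for_stops": [], "attacker_logging": None}
    for key, value in config.items():
        name = key.lower()
        if "password" in name:
            continue                  # never copy secrets into a report
        if any(h in name for h in CRED_HINTS):
            report["rotate"].append(value)
        elif any(h in name for h in STOP_HINTS):
            report["watch_for_stops"].extend(value)
        elif "logging" in name:
            report["attacker_logging"] = value
    return report
```

Calling `triage(carve_configs(SAMPLE)[0])` yields the account to reset and the stop events to alert on; every account named in a carved configuration should be treated as compromised across the domain.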
Overall, Money Message has created a highly sophisticated attack tool that enables them to carry out their ransomware attacks effectively and efficiently.
About Acreto
Acreto delivers full-stack cybersecurity without products, logistics or significant security expertise. It creates and consolidates the best of cybersecurity into a single plug-and-play platform with automated updates to stay ahead of threats. Acreto activates enterprise-grade security instantly, so organizations can run safely, easily, and without interruption.