Money Message

Money Message can encrypt network shares and targets both Windows and Linux operating systems. Upon analyzing Money Message binaries, we noticed a similarity: they contained admin credentials in the configuration, which were then used to target network resources. Based on this, we suspect the threat actors (TA)s might be leveraging stealer logs in their operation.  

The group utilizes a double extortion technique to target its victims, which involves exfiltrating the victim’s data before encrypting it. The group uploads the data on their leak site if the ransom is unpaid.  

Money Message was first observed in March 2023 and has already affected more than five publicly disclosed victims, with the majority of them being from the United States. The victims belong to different industries, including BFSI, Transportation and Logistics, and Professional Services. 

SOURCE