A new online threat actor has emerged: the Money Message ransomware gang. These cybercriminals are attacking companies all over the world, demanding millions of dollars in ransom in exchange for the decryption key and for not leaking the stolen data.

When Did Money Message Appear?

Victims first reported the new ransomware gang on March 28, 2023. Soon after, ThreatLabz reported on its double extortion techniques on Twitter.

The hackers already listed two victims on their data leak site. One of the victims is an Asian airline with a $1 billion yearly income. Threat actors announced that they have exfiltrated information from this company, posting a screenshot of the files as proof.

How Does Money Message Ransomware Work?

The gang's encryptor is written in C++ and carries an embedded JSON file that determines how a device will be encrypted.

The JSON file determines which folders will not be encrypted, which extensions are added, which services and processes will be stopped, whether logging is on, and which domain login names and passwords will be used.

The only files that Money Message does not encrypt by default are: desktop.ini, ntuser.dat, thumbs.db, iconcache.db, ntuser.ini, ntldr, bootfont.bin, ntuser.dat.log, bootsect.bak, boot.ini, autorun.inf.

After encrypting the data, the gang will send the victim a ransom note. The message is called money_message.log, includes a link to a TOR negotiation site, and warns that if a ransom is not paid, the cybercriminals will publish the stolen data.
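As a detection aid for the ransom note name given above, the following added example (not from the original article) sweeps file-creation events for money_message.log and summarizes each affected host. The CSV layout, host names, process paths and timestamps are constructed for illustration, and the example assumes the note is written to disk under that exact name.

```python
import csv
import io
import ntpath
from collections import defaultdict
from datetime import datetime

RANSOM_NOTE = "money_message.log"  # note filename reported in the article

# Constructed sample of file-creation events (hypothetical export format).
SAMPLE_EVENTS = r"""utc_time,host,image,target_filename
2023-04-03T02:14:07,FS01,C:\Users\Public\svc.exe,C:\Shares\Finance\money_message.log
2023-04-03T02:14:09,FS01,C:\Users\Public\svc.exe,C:\Shares\HR\Money_Message.LOG
2023-04-03T02:15:30,FS01,C:\Windows\explorer.exe,C:\Shares\HR\notes.txt
2023-04-03T02:13:58,FS01,C:\Users\Public\svc.exe,C:\Shares\IT\money_message.log
2023-04-03T09:01:12,WS17,C:\Windows\notepad.exe,C:\Temp\money_message.log.bak
2023-04-03T09:02:40,WS17,C:\Windows\notepad.exe,C:\money_message.log\readme.txt
"""


def is_ransom_note(path):
    """True only when the file's own name is the note (Windows names are case-insensitive)."""
    return ntpath.basename(path).lower() == RANSOM_NOTE


def find_note_drops(event_csv):
    """Group ransom-note creations by host: first sighting, directories hit, writing processes."""
    hosts = defaultdict(lambda: {"first_seen": None, "dirs": set(), "images": set()})
    for row in csv.DictReader(io.StringIO(event_csv)):
        if not is_ransom_note(row["target_filename"]):
            continue  # skips look-alikes such as *.log.bak or a folder with the note's name
        seen = datetime.fromisoformat(row["utc_time"])
        hit = hosts[row["host"]]
        if hit["first_seen"] is None or seen < hit["first_seen"]:
            hit["first_seen"] = seen  # events may arrive out of order
        hit["dirs"].add(ntpath.dirname(row["target_filename"]).lower())
        hit["images"].add(row["image"].lower())
    return dict(hosts)


if __name__ == "__main__":
    for host, hit in sorted(find_note_drops(SAMPLE_EVENTS).items()):
        print(f"{host}: first note at {hit['first_seen'].isoformat()}, "
              f"{len(hit['dirs'])} directories, written by {sorted(hit['images'])}")
```

The earliest sighting per host gives responders a starting point for the encryption timeline, and the writing process is the first candidate for the encryptor binary.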

Although Money Message's encryption is rather slow and unsophisticated, the gang is another online threat to organizations: it is successfully stealing data and encrypting devices.
