A new ransomware threat actor has been reported targeting large corporations and demanding huge payouts in exchange for the decryption key and for not leaking sensitive data stolen in the attack.
Calling itself Money Message, the group was first reported on the BleepingComputer forums in the last days of March, with cybersecurity researchers from Zscaler ThreatLabz flagging the potential threat soon after.
So far, the group has listed two victims on its data leak site, one of which is allegedly an Asian airline with almost a billion dollars in annual revenue. Apparently, the group demanded $1 million in exchange for the decryptor and for keeping the data to themselves.
Short on details
BleepingComputer says there is evidence of the group being behind a ransomware attack on a “well-known computer hardware vendor”, but nothing is conclusive just yet.
The publication claims the encryptor “does not appear sophisticated”, but still gets the job done, encrypting all endpoints across target networks, and siphoning out sensitive data.
Besides Business Email Compromise, ransomware is one of the most popular and disruptive forms of cyberattack out there. Many groups, such as LockBit, REvil, or Black Basta, have repeatedly targeted not just commercial businesses, but government organizations and critical infrastructure, prompting governments around the world to act.
After a number of arrests and hardware confiscations, most ransomware operators publicly stated they would not target critical infrastructure operators or healthcare organizations.
This year, one of the biggest ransomware attacks happened when a Russian group called Clop found a zero-day vulnerability in GoAnywhere MFT and used it to infect, as it claims, 130 organizations around the world. So far, dozens of firms have confirmed suffering a ransomware attack at the hands of Clop, including Hatch Bank, Hitachi Energy, Saks Fifth Avenue, Procter & Gamble, and others.
Via: BleepingComputer