This new ransomware campaign wants millions of dollars to get your files back

(Image credit: Pixabay)

A new ransomware threat actor has been reported targeting large corporations and demanding huge payouts in exchange for the decryption key and for not leaking sensitive data stolen in the attack.

Calling itself Money Message, the group was first reported on the BleepingComputer forums in the last days of March, with cybersecurity researchers from Zscaler ThreatLabs also flagging the potential threat soon after, as well. 

So far, the group listed two victims on its data leak site, one of which is allegedly an Asian airline with almost a billion dollars in annual revenue. Apparently, the group demanded $1 million in exchange for the decryptor and for keeping the data to themselves. 

Short on details

BleepingComputer says there is evidence of the group being behind a ransomware attack on a “well-known computer hardware vendor”, but nothing is conclusive just yet. 

The publication claims the encryptor “does not appear sophisticated”, but still gets the job done, encrypting all endpoints across target networks, and siphoning out sensitive data.

Besides Business Email Compromise, ransomware is one of the most popular and disruptive forms of cyberattack out there. Many groups, such as LockBit, REvil, or Black Basta, have repeatedly targeted not just commercial businesses, but government organizations and critical infrastructure, prompting governments around the world to act. 

After a number of arrests and hardware confiscations, most ransomware operators publicly stated they would not target critical infrastructure operators or healthcare organizations. 

This year, one of the biggest ransomware attacks happened when a Russian group called Clop found a zero-day vulnerability in GoAnywhere MFT and used it to infect, as it claims, 130 organizations around the world. So far, dozens of firms confirmed suffering from a ransomware attack at the hands of Clop, including the Hatch Bank, Hitachi Energy, Saks Fifth Avenue, Procter & Gamble, and others. 

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.