moneymessage
Ransomware group profile
Description
MoneyMessage is a ransomware group that emerged in March 2023, focusing on financial gain through sophisticated cyber attacks. They use double extortion tactics, encrypting data while threatening to leak sensitive information to pressure victims into compliance. Their operations have impacted high-profile organizations across various sectors worldwide.
Key insights
- •Employs double extortion tactics, encrypting data and threatening to leak it.
- •Gains initial access via targeted phishing and social engineering attacks.
- •Utilizes unique ransomware that encrypts files without changing their names.
- •Targets both Windows and Linux operating systems, including VMware ESXi servers.
- •Deletes Volume Shadow Copies to evade detection during attacks.
- •Maintains a dark web site for extortion and data leak threats.
Threat Level & Status Breakdown
For moneymessage · Based on incidents in selected period
Status Breakdown
Recent activity
Monthly attack count for moneymessage in the selected period
No intelligence data for this group.
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for moneymessage
T1486
T1486
T1490
T1490
T1021
T1021
T1562
T1562
T1080
T1080
T1078
T1078
T1547
T1547
T1059
T1059
T1021.001
T1021.001
T1112
T1112
T1027
T1027
T1136
T1136
Victims(4)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Forestdale | — | GB United Kingdom | Professional Services | Claimed | 23 days ago | |
| Family Partnerships of Central Florida | fpocf.org | US United States | Manufacturing | Claimed | 4 months ago | |
| Bucks County Opportunity Council, INC. | bcoc.org | US United States | Manufacturing | Claimed | 10 months ago | |
| Young Adjustment Company | youngadjustment.com | US United States | Manufacturing | Claimed | 11 months ago |
Affected countries(16)
Countries where this group has been reported to target or leak victims.