Cyble Research and Intelligence Labs (CRIL) discovered a new ransomware group called Money Message. Both Windows and Linux operating systems are targeted by this ransomware, which can encrypt network shares. Experts believe that threat actors may use stealer logs in their operations.

Since Money Message was first noticed in March 2023, more than five victims have been publicly identified as impacted, the majority of them American. Industries represented by the victims include BFSI (banking, financial services and insurance), transportation and logistics, and professional services.

The gang uses a double extortion method: it exfiltrates the victim’s data before encrypting it, then posts the data on its leak site if the ransom is unpaid.

Money Message ransomware uses Elliptic Curve Diffie-Hellman (ECDH) key exchange and the ChaCha stream cipher to encrypt data on a victim’s computer, then demands a ransom for its release.

Researchers stated that, like other ransomware groups, this ransomware does not rename the file after encryption.
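
Because the file name stays the same after encryption, a detection that watches for new extensions will not fire. The sketch below is an added example, not code from CRIL or from the ransomware: it flags files whose known extension no longer matches its magic bytes while the content is near-random. The function names, the 4096-byte sample and the 7.5 bits/byte threshold are assumptions, as is the premise that the start of the file is encrypted; the sample data is constructed.

```python
import hashlib
import math
import os
from collections import Counter

# Leading "magic" bytes expected for a few common extensions.
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
}
SAMPLE = 4096      # bytes inspected per file (assumed value)
THRESHOLD = 7.5    # bits per byte; assumed cut-off, tune per environment


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name: str, data: bytes) -> bool:
    """True when a known extension lost its magic bytes and the head is near-random."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is None:
        return False  # no format expectation for this extension
    head = data[:SAMPLE]
    return not head.startswith(magic) and shannon_entropy(head) >= THRESHOLD


def constructed_noise(n: int) -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext (constructed)."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


# Constructed samples: intact PDF, intact ZIP, and a ".pdf" whose content is noise.
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n" + b"constructed sample text " * 100,
    "backup.zip": b"PK\x03\x04" + constructed_noise(4092),
    "invoice.pdf": constructed_noise(4096),
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(fname, round(shannon_entropy(blob[:SAMPLE]), 2), looks_encrypted(fname, blob))
```

The intact ZIP is high-entropy but keeps its header, so it is not flagged; requiring both conditions keeps compressed formats from producing false positives.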