Ransomware groups are proliferating on the threat landscape at an alarming rate, akin to the sudden growth of mushrooms after a rainfall. The new group called Money Message was observed demanding million-dollar ransoms in exchange for a decryptor.

Diving into details

As of now, Money Message has listed two victims on its leak site - an Asian airline with a revenue of over $1 billion and an unnamed computer hardware vendor. 
  • The ransomware encryptor is written in C++ and contains an embedded JSON configuration file that determines how a device is encrypted.
  • The ransom note includes a link to a Tor negotiation site for the victim to contact the threat actors. 
  • While the encryptor used by Money Message, which relies on ChaCha20/ECDH encryption, is not very advanced, the operation is still encrypting devices and stealing their data.

Another new ransomware - Dark Power

Dark Power has been active since February and has already breached 10 companies within a month.
  • Written in the Nim language, this ransomware comes in two variants, with two different encryption keys and formats.
  • Dark Power ransomware has been targeting organizations in the U.S., the Czech Republic, Algeria, Egypt, Peru, France, Israel, and Turkey.
  • The attackers demanded a ransom of $10,000 in XMR from their victims within 72 hours to prevent the leak of the stolen data.

Beware of fake ransomware groups

A new fake ransomware group has emerged that is piggybacking on ransomware incidents and data breaches to extort U.S. organizations. Named Midnight, the group even threatens DDoS attacks if the ransom is not paid.

The bottom line

While Money Message doesn’t appear to be a sophisticated malware threat, it is still targeting companies, stealing data, and extorting them. Moreover, the regular emergence of new ransomware groups highlights the rising volume of threats against organizations. Therefore, implement proper defenses and stay safe.
Cyware Publisher
