Hackers from the Money Message ransomware group named organizations based in the United States as its latest victims. The dark web message claimed Maxco Supply and MD Logistics cyber attacks.
Besides them, the Money Message ransomware group named Toscana Promozione as its ransomware victim. Toscana Promozione Turistica is a Tuscany regional government agency that promotes tourism in Italy.
Toscana Promozione, Maxco Supply and MD Logistics Cyber Attack
MD Logistics provides supply chain solutions to organizations across the United States. A cyber attack on MD Logistics could mean gaining access to its client data to target them afterward. Maxco offers packaging and manufacturing services to its clients including the food industry. And it is food safety certified.
A cyber attack on Maxco Supply could potentially expose clients including small and medium-sized firms belonging to the food industry.
Money Message Ransomware Group and MD Logistics Cyber Attack
The Money Message ransomware group has targeted a wide range of geographical regions for a more comprehensive list of exfiltrated data. Moreover, a threat intelligence report by Cyble speculated Money Message group was using stealer logs.
Addressing the malicious tasks fulfilled by the Money Message ransomware, a Cyble blog read, “Upon analyzing Money Message binaries, we noticed a similarity: they contained admin credentials in the configuration, which were then used to target network resources.”
Supply chain attacks have been a lucrative source to find databases and logs with login credentials. Ransomware groups target one vendor and extort all the possible client organizations.
Based on the revenue of the targeted organizations, and the ongoing activities of the group including the MD Logistics cyber attack, it is clear that the hackers have the resources to exploit several organizations in tandem. Even if a few deny paying a ransom, there are plenty of others who might give in.
First detected active in March 2023, the Money Message ransomware group has actively attacked industries including logistics, professional services, transportation, and the Banking, Financial Services and Insurance (BFSI).
The targeted organizations were found to be having good revenue. “Among the victims of Money Message are also a few companies worth billions of dollars,” the Cyble blog added.
The Money Message ransomware scans for all the active drives on a system, checks for the running processes, and kills services. The stopping of services has been done using the CloseServiceHandle() function.
Following this, the ransomware uses the Elliptic Curve Diffie-Hellman (ECDH) key exchange and ChaCha stream cipher algorithm to encrypt data.
Moey Message ransomware group claimed a cyber attack on Taylor University in September 2023.
Schools store databases of thousands of students, parents, teachers, staff, and others. The workings of the Money Message ransomware group point toward a specialized plan involving selling data to smaller cybercriminals if they do not make money via extortion.
Several hacker forum pages mention data sales from organizations that they do not hack. It could be possible that the members of the Money Message ransomware group release the data for social engineering attacks.
Money Message members have been known to demand a huge ransom of USD 500,000 in some cases. It is recommended that named organizations with the MD Logistics ransomware attack claim ask all employees and clients to change their login credentials to avoid further exploitation.
It is not clear how much ransom has been demanded by the hackers in the Maxco cyber attack and the ransomware attack on Toscana Promozione Turistica.
The websites of all the named organizations were accessible when checked by The Cyber Express team. The companies are yet to respond to our request about the claims made by Money Message.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
