The Information Highway

The Information Highway

Font size: +
2 minutes reading time (444 words)

MoneyGram: No evidence ransomware is behind recent cyberattack

Payment platform MoneyGram says there is no evidence that ransomware is behind a recent cyberattack that led to a five-day outage in September. 


MoneyGram is an American payment and money transfer platform that allows people to send and receive money through an extensive network of 350,000 physical locations in 200 countries or via its mobile app and website.

MoneyGram confirmed they had suffered a cyberattack and took systems offline to contain the breach on September 20, three days after customers started reporting experiencing issues. 

The disruption to IT systems prevented customers from being able to access and transfer their money and perform other online activities.

While many suspected it was a ransomware attack, MoneyGram shared no further details, and no ransomware gangs claimed responsibility.

In an email with updated information about the cyberattack sent to stakeholders on September 25, MoneyGram said that customers are finally able to transfer funds again.

MoneyGram confirmed that corporate systems were breached, but after investigating the attack with CrowdStrike, law enforcement, and other cybersecurity professionals said there was no evidence that ransomware was behind the attack.

"After working with leading external cybersecurity experts, including CrowdStrike, and coordinating with U.S. law enforcement, the majority of our systems are now operational, and we have resumed money transfer services," says in an email.

"We recognize the importance of system security as we take these actions. We restored our systems only after taking extensive precautionary measures. At this time, we have no evidence that this issue involves ransomware nor do we have any reason to believe that this has impacted our agents' systems."

A source familiar with the attack shared further information, disclosing that MoneyGram was initially breached through a social engineering attack on the company's internal help desk.

This attack allowed the threat actors to access MoneyGram's network using an employee's credentials and target employee information in the company's Windows Active Directory Services. However, they were detected and blocked before more damage could be done.

While MoneyGram has not publicly attributed the attack to any particular threat actor, the strategies are reminiscent of attacks previously conducted by a loose-knit hacker collective known as Scattered Spider (aka UNC3944, the Com, and 0ktapus).

In September 2023, Scattered Spider was behind a cyberattack on MGM Resorts, which they breached by impersonating an MGM employee while calling the IT help desk to reset the password.

Once they gained access to the network, the threat actors deployed the BlackCat ransomware to encrypt hundreds of VMware ESXi servers.

Due to the sophistication of their social engineering attacks, Microsoft, the FBI/CISA, and Mandiant released advisories on their tactics and how to defend against them.

Apache Avro SDK vulnerability
Highline Public Schools confirms ransomware behind...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Thursday, 14 November 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023