Money Message Ransomware Targets NJ Organization

NJCCIC Alert

Original Release Date: 5/25/2023

Money Message Tor Leak Site. Image Source: BleepingComputer

Summary

A relatively new and very active ransomware group identified as Money Message was observed targeting a New Jersey private organization. Money Message ransomware was first observed targeting organizations worldwide and demanding million-dollar ransoms as early as mid-March. The group appears to routinely target large corporations that provide services to several subsidiaries, impacting third-party entities and their customers. The group has published substantial quantities of victims’ stolen data on its data leak site, including data from Micro-Star International (MSI) and PharMerica. These breaches impacted millions of individuals and left several devices vulnerable to malicious firmware after signing keys for the Intel Boot Guard security feature were leaked. The Money Message encryptor is written in C++ and includes an embedded JSON configuration file that determines how a device will be encrypted. When launched, it deletes Shadow Volume Copies, terminates processes, and creates a ransom note named money_message.log. At the time of this writing, indicators of compromise (IOCs) are limited.
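With IOCs limited, the launch behaviors described above can be hunted for directly. The following is an added example, not part of the NJCCIC alert: it correlates a shadow copy deletion with creation of money_message.log on the same host. The event shape, host names, and the command patterns for shadow copy deletion are assumptions, since the alert does not state which utility the encryptor uses.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events in a simplified, Sysmon-like shape (not real telemetry).
# kind "proc" = process creation (data = command line); "file" = file creation (data = path).
EVENTS = [
    {"ts": "2023-05-25T10:00:00", "host": "FS01", "kind": "proc",
     "data": r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"},
    {"ts": "2023-05-25T10:00:40", "host": "FS01", "kind": "file",
     "data": r"C:\Users\Public\money_message.log"},
    {"ts": "2023-05-25T10:05:00", "host": "WS07", "kind": "proc",
     "data": r"vssadmin.exe list shadows"},
    {"ts": "2023-05-25T11:00:00", "host": "WS09", "kind": "file",
     "data": r"D:\Share\Finance\MONEY_MESSAGE.LOG"},
    {"ts": "2023-05-25T11:30:00", "host": "WS10", "kind": "file",
     "data": r"C:\logs\old_money_message.log.bak"},
    {"ts": "2023-05-25T12:00:00", "host": "BK02", "kind": "proc",
     "data": r"wmic shadowcopy delete"},
]

# Ransom note name from the alert; match the file name only, case-insensitively.
NOTE_RE = re.compile(r"(^|[\\/])money_message\.log$", re.IGNORECASE)
# Assumption: the alert does not say how shadow copies are deleted, so this
# matches the stock Windows utilities commonly used for it.
VSS_RE = re.compile(
    r"vssadmin(\.exe)?\b.*\bdelete\s+shadows|wmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete",
    re.IGNORECASE)

def triage(events, window=timedelta(minutes=10)):
    """Map host -> severity: 'critical' when a ransom note and a shadow copy
    deletion occur within `window`, 'high' for a note alone, 'medium' for a
    deletion alone (backup tooling can trigger that legitimately)."""
    seen = {}
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        if e["kind"] == "file" and NOTE_RE.search(e["data"]):
            seen.setdefault(e["host"], {"note": [], "vss": []})["note"].append(ts)
        elif e["kind"] == "proc" and VSS_RE.search(e["data"]):
            seen.setdefault(e["host"], {"note": [], "vss": []})["vss"].append(ts)
    verdict = {}
    for host, h in seen.items():
        paired = any(abs(n - v) <= window for n in h["note"] for v in h["vss"])
        verdict[host] = "critical" if paired else ("high" if h["note"] else "medium")
    return verdict

if __name__ == "__main__":
    for host, sev in sorted(triage(EVENTS).items()):
        print(f"{host}: {sev}")
```

Hosts that only list shadow copies, or that hold files whose names merely contain the note name, are not flagged.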

Recommendations

The NJCCIC urges organizations to remain vigilant, keep systems up to date and apply patches as they become available, enable strong endpoint security, and enforce cyber hygiene. Additionally, implement a defense-in-depth strategy, segment networks, apply the Principle of Least Privilege, enable MFA where available, encrypt sensitive data at rest and in transit, create and test continuity of operations plans and incident response plans, and establish a comprehensive data backup plan that includes performing scheduled backups regularly, keeping an updated copy offline in a separate and secure location, and testing regularly. The NJCCIC provides further recommendations in the Ransomware: The Current Threat Landscape post and the Ransomware: Risk Mitigation Strategies technical guide. Incidents may be reported to local police departments, the FBI, and the NJCCIC. Further reporting can be found in the BleepingComputer article.

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov
