Fee platform MoneyGram says there isn’t any proof that ransomware is behind a current cyberattack that led to a five-day outage in September.
MoneyGram is an American fee and cash switch platform that enables folks to ship and obtain cash via an intensive community of 350,000 bodily places in 200 nations or by way of its cell app and web site.
MoneyGram confirmed that they had suffered a cyberattack and took methods offline to include the breach on September 20, three days after prospects began reporting experiencing points.
The disruption to IT methods prevented prospects from with the ability to entry and switch their cash and carry out different on-line actions.
Whereas many suspected it was a ransomware assault, MoneyGram shared no additional particulars, and no ransomware gangs claimed duty.
In an e-mail with up to date details about the cyberattack despatched to stakeholders on September 25 and seen by BleepingComputer, MoneyGram mentioned that prospects are lastly in a position to switch funds once more.
MoneyGram confirmed that company methods had been breached, however after investigating the assault with CrowdStrike, regulation enforcement, and different cybersecurity professionals mentioned there was no proof that ransomware was behind the assault.
“After working with leading external cybersecurity experts, including CrowdStrike, and coordinating with U.S. law enforcement, the majority of our systems are now operational, and we have resumed money transfer services,” says an e-mail obtained by BleepingComputer.
“We recognize the importance of system security as we take these actions. We restored our systems only after taking extensive precautionary measures. At this time, we have no evidence that this issue involves ransomware nor do we have any reason to believe that this has impacted our agents’ systems.”
A supply acquainted with the assault shared additional info, telling BleepingComputer that MoneyGram was initially breached via a social engineering assault on the corporate’s inside assist desk.
This assault allowed the menace actors to entry MoneyGram’s community utilizing an worker’s credentials and goal worker info within the firm’s Home windows Energetic Listing Companies. Nonetheless, they had been detected and blocked earlier than extra injury could possibly be carried out.
BleepingComputer contacted MoneyGram with questions concerning the breach however didn’t obtain a reply again.
When you have any info concerning this incident or some other undisclosed assaults, you possibly can contact us confidentially by way of Sign at 646-961-3731 or at ideas@bleepingcomputer.com.
Whereas MoneyGram has not publicly attributed the assault to any specific menace actor, the methods are harking back to assaults beforehand carried out by a loose-knit hacker collective often known as Scattered Spider (aka UNC3944, the Com, and 0ktapus).
In September 2023, Scattered Spider was behind a cyberattack on MGM Resorts, which they breached by impersonating an MGM worker whereas calling the IT assist desk to reset the password.
As soon as they gained entry to the community, the menace actors deployed the BlackCat ransomware to encrypt lots of of VMware ESXi servers.
As a result of sophistication of their social engineering assaults, Microsoft, the FBI/CISA, and Mandiant launched advisories on their ways and tips on how to defend in opposition to them.
