Step-by-step through the Money Message ransomware

In August 2023, the Sophos X-Ops Incident Response team was engaged to support an organization in Australia infected with Money Message ransomware. This attack vector, known for its stealth, does not append any file extensions to the encrypted data, making it harder for victims to identify the encrypted files simply by spotting such extensions. In this post, we will look at the incident attack flow, illustrating how threat actors are deploying the Money Message ransomware and what measures can combat attacker efforts at various points along the MITRE ATT&CK chain.

Read more…
Source: Sophos