BleepingComputer reports that a new ransomware gang called Money Message has emerged, with the first victim identifying themselves on March 28.
The gang appears to target victims from around the world and demands that victims pay millions of dollars in ransom in exchange for a decryptor and for their data not being leaked. The threat actor has so far claimed to have hit two victims on its extortion website, including an Asian airline that earns nearly $1 billion in annual revenue.
Investigations revealed that Money Message uses an encryptor written in C++ that includes an embedded JSON configuration file. This configuration determines the type of encryption to be used on a device, which items to exclude from encryption, which extensions to append, which services and processes to terminate, and whether or not logging is enabled.
A security researcher on Twitter observed that the encryptor uses ChaCha20/ECDH encryption. The encryptor does not appear to be sophisticated, and yet it is confirmed to have been used successfully in numerous data theft and encryption campaigns by the gang.