Ransomware group uses API calls to spread throughout shared network resources, researchers say.

Dark Reading Staff, Dark Reading

April 13, 2023


An emerging threat group dubbed Money Ransomware has adopted the increasingly popular tactic of encrypting and exfiltrating sensitive data from organizations and threatening to leak it if the victim refuses to pay.

Cybersecurity researchers at Yoroi recently published Money Ransomware's indicators of compromise and the results of their investigation into the group's first two victims, one of which was the Bangladesh Airport, the researchers said.

Besides the group's nascent double-extortion ransomware activities, its malware abuses the Windows API function WNetAddConnection2W to establish a connection with other network assets and spread.

"This poses a significant concern for organizations, as a single infected system can rapidly result in extensive damage and data loss," Yoroi's report on Money Ransomware said. "To mitigate this risk, it is vital for organizations to adopt a proactive approach to network security. This includes regularly patching and updating software, employing firewalls and other network security tools, and educating employees on how to recognize and avoid common phishing and social engineering attacks."
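A defender-side sketch of how the share-hopping behaviour described above could be surfaced in logs, added here as an example that is not from Yoroi's report or Dark Reading: it flags any single source address that touches many distinct shares inside a short window. The record layout, window, and threshold are assumptions, and the sample records are constructed, loosely modelled on Windows Security Event ID 5140 ("A network share object was accessed").

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: time, logging server, source IP, share name.
# Simplified from the fields of Windows Security Event ID 5140.
SAMPLE_EVENTS = r"""
2023-04-10T09:00:01 FS01 10.0.0.23 \\*\Finance
2023-04-10T09:00:03 FS01 10.0.0.23 \\*\HR
2023-04-10T09:00:04 FS02 10.0.0.23 \\*\Projects
2023-04-10T09:00:06 APP01 10.0.0.23 \\*\C$
2023-04-10T09:00:07 DC01 10.0.0.23 \\*\SYSVOL
2023-04-10T09:00:10 FS01 10.0.0.41 \\*\Finance
2023-04-10T09:20:00 FS01 10.0.0.41 \\*\HR
2023-04-10T09:45:00 FS02 10.0.0.41 \\*\Projects
"""

def parse_events(text):
    """Yield (timestamp, source_ip, (server, share)) per non-empty line."""
    for line in text.strip().splitlines():
        ts, server, src, share = line.split(maxsplit=3)
        # 5140 reports the share as \\*\Name; pair the name with the logging server.
        name = share.rsplit("\\", 1)[-1]
        yield datetime.fromisoformat(ts), src, (server, name)

def find_share_fanout(events, window=timedelta(seconds=60), threshold=4):
    """Return {source_ip: sorted targets} for every source that reaches
    `threshold` distinct shares within any sliding `window`."""
    recent = defaultdict(deque)  # source -> (ts, target) pairs still in window
    flagged = {}
    for ts, src, target in sorted(events):
        q = recent[src]
        q.append((ts, target))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop accesses that fell out of the window
        distinct = {t for _, t in q}
        if len(distinct) >= threshold:
            flagged.setdefault(src, set()).update(distinct)
    return {src: sorted(targets) for src, targets in flagged.items()}

if __name__ == "__main__":
    for src, targets in find_share_fanout(parse_events(SAMPLE_EVENTS)).items():
        print(f"{src} reached {len(targets)} shares within the window:")
        for server, share in targets:
            print(f"  \\\\{server}\\{share}")
```

The threshold and window need tuning against a baseline of normal behaviour, since backup servers and management tools legitimately connect to many shares.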
