Quick Hits

Money Ransomware Group Enters Double-Extortion Fray

Ransomware group uses API calls to spread throughout shared network resources, researchers say.

An emerging threat group dubbed Money Ransomware has adopted the increasingly popular tactic of encrypting and exfiltrating sensitive data from organizations and threatening to leak it if the victim refuses to pay.

Cybersecurity researchers at Yoroi recently published Money Ransomware's indicators of compromise and the results of their investigation into the group's first two victims, one of which was the Bangladesh Airport, the researchers said.

Besides the group's nascent double-extortion ransomware activities, its malware abuses the Windows API function WNetAddConnection2W to establish a connection with other network assets and spread.

"This poses a significant concern for organizations, as a single infected system can rapidly result in extensive damage and data loss," Yoroi's report on Money Ransomware said. "To mitigate this risk, it is vital for organizations to adopt a proactive approach to network security. This includes regularly patching and updating software, employing firewalls and other network security tools, and educating employees on how to recognize and avoid common phishing and social engineering attacks."

Editors' Choice
Jai Vijayan, Contributing Writer, Dark Reading
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading