moneymessage
3 incidentes
2 paises
3 sectores
ransomware Ultimo: 2026-06-25
MoneyMessage is a ransomware group that emerged in March 2023, demanding multi-million dollar ransoms from its victims. The group primarily operates a double extortion model, encrypting data and subsequently threatening to publish stolen sensitive information on a dedicated leak site if ransom demands are not met. A distinguishing characteristic of MoneyMessage is its ransomware variant's tendency not to alter file extensions on encrypted files, instead dropping a plain text ransom note named `money_message.log` in affected directories. The group targets a wide array of organizations globally, focusing on large corporations across various sectors, and is known for its ability to target both Windows and Linux operating systems, including VMware ESXi servers.
RansomLook pivots
Data, inteligencia y referencias externas para contrastar actividad ransomware del actor.
TTPs observadas
Paises afectados
Paises objetivo (SOCRadar)
ArgentinaAmerican Samoa
Australia
Bangladesh
Czech Republic
Algeria
Egypt
France
United Kingdom
IsraelSectores atacados
Business Services (1)
Public Sector (1)
Banking (1)
Sectores objetivo (SOCRadar)
Construction of BuildingsMonetary Authorities-Central BankCredit UnionsHospitalsAccommodationAir TransportationManufacturingConstructionElectrical Equipment, Appliance, and Component ManufacturingPublic Administration
URLs nuevas detectadas en IntelTracker
Victimas (2)
Forestdale11 May 2026
Ransomware United Kingdom Business Services
United Kingdom Business Services Resumen La alerta de ransomware "Forestdale" fue publicada el 2026-05-11 y está asociada al grupo ciberdelincuental "moneymessage". Este tipo de ataqu…
Family Partnerships of Central Florida28 Jan 2026
Ransomware 
United States Public Sector
United States Public Sector Resumen Family Partnerships of Central Florida, una organización sin fines de lucro que proporciona apoyo a niños con necesidades especiales, ha sido …