MoneyGram, a payment provider, claims there is no proof that ransomware was behind a recent incident that caused a five-day outage in September.
MoneyGram is an American payment and money transfer platform that allows customers to send and receive money through a vast network of 350,000 physical locations in 200 countries, as well as through its mobile app and website.
The payment platform acknowledged a cyberattack and took systems offline to limit the incident on September 20, three days after customers began reporting concerns.
Customers were unable to access and transfer money, as well as engage in other online activities, due to the disruption of IT services. While many suspected a ransomware assault, MoneyGram provided no additional information, and no ransomware group claimed responsibility.
MoneyGram stated in an email to stakeholders on September 25 with new information regarding the cyberattack, which BleepingComputer obtained, that customers can now transfer payments again.
However, the payment platform acknowledged that corporate systems had been compromised, law enforcement, other cybersecurity experts, and CrowdStrike's investigation revealed no proof that ransomware was the cause of the attack.
"After working with leading external cybersecurity experts, including CrowdStrike, and coordinating with U.S. law enforcement, the majority of our systems are now operational, and we have resumed money transfer services," the payment platform stated.
"We recognize the importance of system security as we take these actions. We restored our systems only after taking extensive precautionary measures. At this time, we have no evidence that this issue involves ransomware nor do we have any reason to believe that this has impacted our agents' systems.”
While MoneyGram has not officially identified a specific threat actor, the techniques are similar to those used by Scattered Spider, a loosely organised hacker organisation.
In September 2023, Scattered Spider was responsible for a cyberattack against MGM Resorts, which they breached by impersonating an MGM employee and calling the IT help desk to change the password. Following their successful network intrusion, the threat actors encrypted hundreds of VMware ESXi systems using the BlackCat ransomware.
