Two weeks after a cyber attack and shutting down parts of its infrastructure, MoneyGram has revealed more details about the incident, confirming that, contrary to many speculation, this was not a ransomware attack.
A letter sent to stakeholders at the end of September 2024, seen by BleepingComputerexplains that MoneyGram engaged CrowdStrike, law enforcement, and other cybersecurity professionals to investigate the matter, and the conclusion was this was not a ransomware attack:
“After working with leading third-party cybersecurity experts, including CrowdStrike, and coordinating with U.S. law enforcement, the majority of our systems are now operational and we have resumed money transfer services,” the email reportedly said. “We recognize the importance of system security as we take these actions. We only restored our systems after taking extensive precautions. At this time, we have no evidence that this issue is ransomware-related, nor do we have any reason to suspect assume that this has affected our officers’ systems.”
No evidence of ransomware
MoneyGram is a global money transfer and payment services company that allows individuals and businesses to send and receive money internationally. It offers services including peer-to-peer money transfers, bill payments and money orders, with operations in more than 200 countries and territories.
On September 20, customers took to social media (X, Facebook, Reddit) to complain about services not working properly, the website being offline, and other concerns. Three days later, the company responded to the claims, saying it was dealing with a network outage, and later confirmed it was dealing with a “cybersecurity issue.” In response to this issue, MoneyGram has shut down parts of its IT systems, including both online and in-person transactions.
This led the media and customers to speculate that MoneyGram had suffered a ransomware attack, even though no threat actors claimed to be responsible for the attack.
Money transfer services are back online, MoneyGram concluded.