A seemingly very serious cyber attack has temporarily put major money transfer service MoneyGram out of business for at least several days. Details of the attack remain thin, but the company’s services remained unavailable nearly a week after first going offline on September 20.
MoneyGram has confirmed a “cybersecurity issue” of some manner and has told the media that it is working to restore its systems and is working with law enforcement to investigate the matter. The company says that all pending transfers will process as soon as its systems are restored.
Attack on MoneyGram snarls international money transfers
MoneyGram is one of the world’s largest money transfer services and operates in hundreds of countries. One of its biggest user demographics is migrants working in foreign countries, particularly the US, looking to send money back home. However, business customers are also impacted as the cyber attack appears to have caused a total shutdown of all its services. In total the company processes about $200 billion in money transfers each year and serves about 50 million people around the world.
Some of its customers who are in precarious financial positions are now stuck waiting the better part of a week for service to be restored after the cyber attack. A Tuesday post on social media indicated that the company had restored “some key systems,” but money transfers remained unavailable as of Wednesday.
As to what exactly happened with the cyber attack, there is not yet any public comment from the Texas-based company. However, the length and severity of the outage point to ransomware. The fact that the company is spending an extended period of time restoring key systems further points to a refusal to pay a ransom demand and recovery from backups.
The outage has had at least a minor impact on some downstream businesses. One example is the UK Post Office, which has integrated MoneyGram services in a number of its branches throughout the country. Similar partners are also unable to facilitate money transfers while the company’s systems are down.
Customers await further details on MoneyGram cyber attack
This cyber attack is an unusually worrying one for potentially impacted parties, given the fact that ransomware attackers now routinely steal data prior to encrypting their targets. MoneyGram customers trust the company with bank details along with other potentially sensitive pieces of personal information. They are left waiting for the company to provide more detail about the incident, and whether any pending money transfers could possibly be impacted. The news is especially concerning as MoneyGram first reported the money transfer shutdown as a “network outage” last week.
The incident puts a spotlight on an unresolved challenge that remains when ransomware attacks manage to penetrate an organization. The general advice from governments and security experts is to refuse to pay the ransom, but even when companies are on top of their backups and network segmentation they can still experience major business shutdowns while restoring files and ensuring that systems have been scrubbed of the threat actor’s presence. The situation was perfectly illustrated by the MGM and Caesars breaches of 2023, two rival companies that have properties right next to each other on the Vegas Strip. MGM did the “right” thing and restored from backups, but suffered chaos at its properties for over a week, while Caesars made the ransom payment and subsequently picked up on the business that migrated over from its compromised competitor.
MoneyGram, which was founded in 1998, does not have much of a prior history of being hit by cyber attacks. But the service is popular with scammers who prey on senior citizens, sometimes using social engineering to trick them into money transfers. A popular scheme for years has been to pretend to be a family member of a senior, usually a child or grandchild, and that is something that is now assisted by AI tools and deepfake audio that can put together a much more convincing impersonation package. MoneyGram settled a 2012 case brought by the Department of Justice for aiding and abetting fraud schemes due to a lack of necessary internal security and verification measures; after over ten years, tens of thousands of seniors who were scammed began receiving disbursements of funds to compensate them for their losses.
Finance is the industry most frequently targeted by cyber attacks, for obvious reasons; only health care and manufacturing tend to suffer more total successful breaches each year, and generally only because these organizations tend to have a lower level of security. The breach of a money transfer service allows ample opportunity for criminals to make money, and Nick Tausek (Lead Security Automation Architect at Swimlane) notes that persistence often eventually pays off for them: “Financial services organizations are prime targets for cybercriminals, holding large amounts of money and sensitive data. These challenges are exacerbated by the increasing complexity of financial services operations, driven by the rapid pace of digital transformation. According to Swimlane research, 42% of financial organizations have experienced at least one breach with a total cost of $1 million or more. To better protect the sensitive data and money of their customers, financial service providers must prioritize a proactive approach to their security measures. Technological innovation and speed are essential in this industry, but they are meaningless without a strong security foundation.”
As Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, notes: “While it hasn’t been confirmed whether money or data was exposed in the recent MoneyGram breach, the incident underscores the importance of proactive security defenses and rigorous testing. By validating their defensive controls, organizations can identify vulnerabilities and better defend against common ransomware tactics used to target the financial services industry.”
Renuka Nadkarni, Chief Product Officer at Aryaka, adds:
“To proactively identify threats and ensure uninterrupted network operations, organizations must transition from fragmented security architectures to a unified, single-pass model. This streamlined approach empowers IT and security teams to tackle multiple security challenges simultaneously, including access control, threat protection, and data leakage prevention – all without sacrificing performance.”