MoneyGram has provided new details following a recent cyberattack, putting to rest widespread speculation that the incident was caused by ransomware. After a thorough investigation, the global money transfer company confirmed that there is no evidence to suggest ransomware was responsible.
Cybersecurity experts brought in
In a letter sent to stakeholders in late September 2024, MoneyGram disclosed that it had enlisted the help of top cybersecurity firms, including CrowdStrike, alongside U.S. law enforcement, to probe the cyberattack. The findings made it clear that ransomware was not involved in the incident.
The statement, shared with the media, said, “After working with leading external cybersecurity experts, including CrowdStrike, and coordinating with U.S. law enforcement, the majority of our systems are now operational, and we have resumed money transfer services. We recognise the importance of system security as we take these actions. We restored our systems only after taking extensive precautionary measures. At this time, we have no evidence that this issue involves ransomware, nor do we have any reason to believe that this has impacted our agents’ systems.”
This clarification comes after two weeks of public concern and speculation, during which some media outlets and customers suggested that the company had been the victim of a ransomware attack. However, the investigationโs outcome now refutes these claims, offering some relief to the companyโs stakeholders and clients.
Incident response and system restoration
MoneyGram, which operates in over 200 countries and territories, was forced to take parts of its infrastructure offline in response to the cybersecurity incident. Customers started reporting issues with the companyโs services on September 20, noticing outages with online and in-person transactions. The company’s website was also affected, leading to frustration among users who could not access essential money transfer services.
Three days later, MoneyGram acknowledged the situation publicly, confirming a “network outage” and later a โcybersecurity issue.โ This led to widespread rumours of a ransomware attack, especially given the recent rise in such incidents affecting major companies worldwide.
As a precaution, the company swiftly shut down parts of its IT systems, temporarily suspending services to mitigate potential risks. However, MoneyGram has now confirmed that most of its services have been restored, and customers can once again send and receive money through the companyโs channels.
No ransom demands or affected agents
One of the key concerns during the incident was whether MoneyGramโs agentsโwho facilitate in-person transactions in many parts of the worldโhad been impacted. The company reassured stakeholders that it had no evidence to suggest its agentsโ systems were compromised during the attack.
Despite the initial speculation, no threat actors came forward to claim responsibility, supporting the conclusion that this was not ransomware. Ransomware incidents typically involve hackers encrypting company data and demanding payment to restore it. In MoneyGram’s case, this pattern did not emerge, and the focus shifted to restoring services securely.
MoneyGramโs money transfer services have resumed, and the company is taking additional steps to bolster its cybersecurity defences. With the investigation into the cyberattack ongoing, MoneyGram remains cautious but confident that the situation is under control.
MoneyGram’s swift response and cooperation with law enforcement and cybersecurity experts have likely prevented a more severe breach. The company is continuing to monitor its systems closely to ensure there are no further disruptions.
