MoneyGram has provided new details following a recent cyberattack, putting to rest widespread speculation that the incident was caused by ransomware. After a thorough investigation, the global money transfer company confirmed that there is no evidence to suggest ransomware was responsible.
Cybersecurity experts brought in
In a letter sent to stakeholders in late September 2024, MoneyGram disclosed that it had enlisted the help of top cybersecurity firms, including CrowdStrike, alongside U.S. law enforcement, to probe the cyberattack. The findings made it clear that ransomware was not involved in the incident.
The statement, shared with the media, said, “After working with leading external cybersecurity experts, including CrowdStrike, and coordinating with U.S. law enforcement, the majority of our systems are now operational, and we have resumed money transfer services. We recognise the importance of system security as we take these actions. We restored our systems only after taking extensive precautionary measures. At this time, we have no evidence that this issue involves ransomware, nor do we have any reason to believe that this has impacted our agents' systems.”
This clarification comes after two weeks of public concern and speculation, during which some media outlets and customers suggested that the company had been the victim of a ransomware attack. However, the investigation's outcome now refutes these claims, offering some relief to the company's stakeholders and clients.
Incident response and system restoration
MoneyGram, which operates in over 200 countries and territories, was forced to take parts of its infrastructure offline in response to the cybersecurity incident. Customers started reporting issues with the company's services on September 20, noticing outages with online and in-person transactions. The company's website was also affected, leading to frustration among users who could not access essential money transfer services.
Three days later, MoneyGram acknowledged the situation publicly, confirming a “network outage” and later a “cybersecurity issue.” This led to widespread rumours of a ransomware attack, especially given the recent rise in such incidents affecting major companies worldwide.
As a precaution, the company swiftly shut down parts of its IT systems, temporarily suspending services to mitigate potential risks. However, MoneyGram has now confirmed that most of its services have been restored, and customers can once again send and receive money through the company's channels.
No ransom demands or affected agents
One of the key concerns during the incident was whether MoneyGram's agents—who facilitate in-person transactions in many parts of the world—had been impacted. The company reassured stakeholders that it had no evidence to suggest its agents' systems were compromised during the attack.
Despite the initial speculation, no threat actors came forward to claim responsibility, supporting the conclusion that this was not ransomware. Ransomware incidents typically involve hackers encrypting company data and demanding payment to restore it. In MoneyGram's case, this pattern did not emerge, and the focus shifted to restoring services securely.
MoneyGram's money transfer services have resumed, and the company is taking additional steps to bolster its cybersecurity defences. With the investigation into the cyberattack ongoing, MoneyGram remains cautious but confident that the situation is under control.
MoneyGram's swift response and cooperation with law enforcement and cybersecurity experts have likely prevented a more severe breach. The company is continuing to monitor its systems closely to ensure there are no further disruptions.
