Money Message attacks Toscana-Promozione

Incident Date:

October 3, 2023

World map

Overview

Title

Money Message attacks Toscana-Promozione

Victim

Toscana-Promozione

Attacker

Money Message

Location

Florence, Italy

Tuscany, Italy

First Reported

October 3, 2023

The Money Message Ransomware Attack on Toscana-Promozione

The Money Message ransomware gang has attacked Toscana-Promozione. Toscana Promozione, also known as Toscana Promozione Turistica or Toscana Promozione Turismo, is an organization responsible for promoting tourism and economic development in the Tuscany region of Italy. Tuscany, known for its rich cultural heritage, historical cities, beautiful landscapes, and world-renowned art, is a popular tourist destination. Money Message posted Toscana-Promozione to its data leak site on October 3rd but provided no further details.

Understanding Money Message Ransomware

Money Message is a form of ransomware that employs encryption to lock files and leaves behind a ransom note named "money_message.log." Distinguishing itself from the majority of ransomware variants, Money Message refrains from altering file names by not appending its extension to them. It is typically employed by cybercriminals to coerce victims into making monetary payments. Within the ransom note, victims are apprised that their files have been encrypted and are presently inaccessible without a decryption tool. The decryption tool, crucial for file retrieval, is made available upon payment of a ransom.

Caution is advised against independent decryption attempts, as such actions could result in permanent file damage. Included in the ransom note is a hyperlink to facilitate further communication and the ransom payment, conducted via the Tor browser for added anonymity. The note also carries a warning of impending online exposure of the encrypted files, such as posting them on a blog, should the ransom payment remain outstanding.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.