Sergey Nivens - stock.adobe.com

Money transfer firm MoneyGram rushes to contain cyber attack

Money transfer specialist MoneyGram services remain down several days after a network outage developed into a full-blown cyber security incident

MoneyGram, a US-based financial services firm that enables users to transfer money, pay bills and trade in cryptocurrencies, has been forced to suspend services in the wake of an ongoing cyber security incident, the precise nature of which remains unclear.

The issue appears to have begun sometime on Friday 20 September, when customers began to report problems, but it was at first identified as a simple network outage affecting connectivity.

Following further investigation, MoneyGram posted more details of the incident to social platform X on Monday 23 September.

It said: “MoneyGram recently identified a cyber security issue affecting certain [parts] of our systems. Upon detection, we immediately launched an investigation and took protective steps to address it, including proactively taking systems offline which impacted network connectivity.

“We are working with leading external cyber security experts and coordinating with law enforcement,” the statement continued. “We recognise the importance and urgency of this matter to our customers and partners. We are working diligently to bring our systems back online and resume normal business operations.”

Among the downstream customers affected are the Post Office in the UK, which offers access to MoneyGram services in branches up and down the country.

In a brief statement posted to its website, the Post Office said: “For now, you can’t use MoneyGram services online or in branch, including online support. Sorry for the inconvenience.”

Speculation

Inevitably, discussion of the ongoing incident will draw speculation that MoneyGram has fallen victim to a ransomware attack of some nature – the fact that it has been forced to take some of its own systems offline to contain the attack is often a strong indication that financially motivated cyber criminals have gained access to a network and deployed a ransomware locker. However, at the time of writing, MoneyGram has made no statement in this regard.

Akhil Mittal, senior security consulting manager at the Synopsys Software Integrity Group, said that money transfer services made tempting targets for cyber criminals since they handle large amounts of digital case and hold extremely sensitive data. That MoneyGram appears to have been attacked is therefore not altogether surprising.

“The challenge is balancing security with keeping services running,” said Mittal. “By taking everything offline, MoneyGram clearly put security first, but it also highlights a common struggle in the financial sector – how do you protect sensitive data without shutting down the business? Are companies ready to handle that challenge?

“For IT teams, the first step is keeping customers updated. Customers need updates while teams isolate the threat, clean systems and ensure everything is secure before bringing services back online. Partnering with cyber security experts, as MoneyGram is doing, can help speed up recovery.

“This isn’t just a technical problem, it’s affecting real people,” he added. “In places like Jamaica [where the outage is causing disruption to remittances from Jamaicans living and working abroad], families depend on these transfers for daily expenses; outages like this have a real impact. It’s important to consider how these disruptions affect communities that rely on remittances.”

More recent cyber incidents

  • London’s transport network provider TfL experiences cyber security incident, but reassures customers there is no impact on services.
  • A major cyber attack at NHS services provider Synnovis is disrupting frontline care at hospitals across London.
  • A ransomware attack on the systems of publisher and social enterprise Big Issue Group has been claimed by the Qilin gang.

Read more on Hackers and cybercrime prevention