Major Canadian fintech Moneris claimed by Medusa ransomware


Moneris, a payment processing business used by Starbucks and IKEA, has been listed on Medusa ransomware’s dark web blog. The company confirmed to Cybernews that threat actors had indeed attempted a ransomware attack.

Medusa listed Moneris on its blog, which is used to showcase its latest victims, mid-Monday. The post includes several samples of the supposedly stolen data.

Screenshots that the attackers provided include email conversations, transaction data such as transferred amounts, and other sensitive details.

Meanwhile, Moneris confirmed that an external party attempted an attack on the company. However, the company claims the intrusion was thwarted by its cybersecurity team and "Moneris and its customers were not impacted."

"Following the attempt, our team did a full audit and analysis of the incident, reviewed all information, and concluded none of our Digital Loss Prevention policies were triggered," a Moneris spokesperson told Cybernews.

Moneris posted on Medusa's leak site. Image by Cybernews.

The cybercrooks’ post suggests they’re demanding the company pay $6 million to return the stolen data. However, paying attackers doesn’t always mean that data is safe, as cybercriminals sometimes take the money and publish the data anyway.

Moneris offers credit, debit, wireless, and online payment services and point-of-sale (POS) terminals for merchants. The company’s services are used by over 300,000 merchants in Canada.

Major brands such as McDonald’s, IKEA, and Starbucks use Moneris to process payments. A 90-minute outage of Moneris services in late September caused disruptions all over the country.

The company was established as a joint venture between the Royal Bank of Canada and the Bank of Montreal. Moneris processes 3.5 billion credit and debit card transactions a year and employs nearly 2,000 people.

The Medusa ransomware gang began operating around the end of 2022 and has been consistently active. According to Ransomlooker, a Cybernews ransomware monitoring tool, Medusa has attacked at least 119 organizations over the past 12 months.

Medusa ransomware is believed to be operating under the Ransomware-as-a-Service (RaaS) model, where threat actors with limited technical skill use malware devised by sophisticated developers. Affiliates later share ransom money with the developers.

Updated on November 13 [05:25 PM GMT] with a statement from Moneris.

