Although Money Message is not a new ransomware group—it began operations on April 2, 2023—the group has only recently claimed its first victim of 2025:
🧬 Marin Family Medical (marinafamilymedical.com.au) in Australia.
So far, the group claims to have attacked organizations in 24 countries, according to its leak site.
In Africa, the only known target to date has been the Egyptian Tax Authority (ETA), which was compromised on November 17, 2024.
This indicates a targeted but global reach, with potential for expanded geographic focus in 2025. Organizations—particularly in healthcare and government—should stay alert for signs of Money Message activity.