In December 2023, Moneris Solutions Corporation disclosed that it had successfully defended against an attempted ransomware attack by the Medusa ransomware gang. While the attack was ultimately unsuccessful, the incident highlighted the critical importance of payment processors' security infrastructure and the devastating consequences a successful attack could have on Canada's payment systems. Moneris processes transactions for over 325,000 merchants across Canada, making it essential infrastructure for commerce, retail, hospitality, and healthcare sectors.

About the Attack

In early December 2023, Moneris' security infrastructure detected suspicious activity indicating that threat actors were attempting to deploy ransomware across its systems. Investigation revealed that the attackers had gained initial access to Moneris' network through compromised credentials, likely obtained through phishing or credential stuffing. The threat actors conducted reconnaissance and attempted to establish persistence before the Medusa ransomware payload could be deployed.

Moneris' security monitoring systems detected the attack before widespread encryption could occur. Rapid incident response procedures contained the threat and prevented deployment of ransomware across critical payment processing systems.

Why Moneris Is a Critical Target

Moneris represents an extremely attractive target for ransomware gangs because of its critical role in Canadian commerce:

  • Processes transactions for over 325,000 merchants across Canada
  • Handles approximately 20% of all Canadian credit card transactions
  • Serves retailers, restaurants, healthcare providers, and government organizations
  • Disruption would impact entire sectors of the Canadian economy
  • High-value target for extortion due to critical nature of services
  • Perceived by attackers as likely to pay a substantial ransom to avoid service disruption

The Medusa Ransomware Group

Medusa is an emerging ransomware-as-a-service operation that has been gaining prominence in 2023 and 2024. The group is known for:

  • Targeting high-value organizations across multiple sectors
  • Aggressive double-extortion tactics: data theft followed by threats to publish it on the group's leak site
  • Targeting of payment processors and other financial services organizations
  • Use of stolen credentials for initial access
  • Sophisticated reconnaissance and lateral movement techniques
  • Willingness to negotiate and sometimes accept partial payments

Response and Resilience

Moneris' successful defense against the attack reflected investment in security infrastructure:

  • Advanced threat detection and monitoring systems identified suspicious activity
  • Rapid incident response procedures contained the threat
  • Network segmentation prevented lateral movement to critical systems
  • Multi-layered security controls prevented malware deployment
  • Tested backup systems would have allowed restoration had encryption occurred

Moneris confirmed that merchant data, customer payment information, and transaction processing capabilities remained secure throughout the incident.

Broader Payment Infrastructure Implications

The attempted attack on Moneris highlighted significant risks to Canada's payment infrastructure. A successful ransomware attack against a major payment processor could have cascading effects:

  • Disruption of payment acceptance at hundreds of thousands of locations
  • Inability for merchants to process credit and debit cards
  • Economic disruption as businesses struggle to accept payments
  • Potential compromise of payment card data affecting millions of consumers
  • Ripple effects through retail, hospitality, healthcare, and government sectors

Industry Response and Coordination

The attempted attack prompted increased coordination between Canadian payment processors, banks, and government agencies to strengthen payment infrastructure security:

  • Information sharing about threats targeting financial services
  • Enhanced monitoring and detection protocols
  • Increased security funding and resources for payment processors
  • Coordination with law enforcement on threat investigations
  • Industry best practices for resilient payment systems

Lessons for Financial Services Organizations

The Moneris incident underscored critical security principles:

  • Credential management and access controls must be layered: strong authentication, least privilege, and prompt revocation of compromised credentials
  • Real-time threat detection and monitoring are essential for rapid response
  • Network segmentation protects critical systems from lateral movement
  • Backup systems must be independent and tested regularly
  • Incident response procedures must enable rapid containment
  • Security culture and employee awareness training reduce the likelihood of initial compromise
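The lessons above on credential controls and real-time detection, together with the attack chain described earlier (credential-based initial access, persistence attempts, and lateral movement stopped by segmentation), can be expressed as concrete detection rules. The following Python script is an added example, not Moneris' code or tooling; it runs three simple rules over constructed log lines. The log format, user names, IP addresses, detection thresholds, and the 10.50.0.0/16 "payment segment" are all invented for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample telemetry for this example (invented; not Moneris logs).
# Line format: "<ISO timestamp> <source> key=value key="quoted value" ..."
SAMPLE_LOGS = r"""
2023-12-02T03:10:01 auth result=fail user=alice src=203.0.113.7
2023-12-02T03:10:03 auth result=fail user=bob src=203.0.113.7
2023-12-02T03:10:05 auth result=fail user=carol src=203.0.113.7
2023-12-02T03:10:07 auth result=fail user=dave src=203.0.113.7
2023-12-02T03:10:09 auth result=fail user=erin src=203.0.113.7
2023-12-02T03:10:12 auth result=success user=erin src=203.0.113.7
2023-12-02T03:11:40 auth result=fail user=alice src=198.51.100.9
2023-12-02T03:12:00 auth result=success user=alice src=198.51.100.9
2023-12-02T03:25:30 process host=ws-0412 user=erin cmd="schtasks /create /tn Updater /tr c:\users\public\u.exe /sc minute"
2023-12-02T03:26:10 netflow src=10.20.4.12 dst=10.50.1.15 dport=445 action=deny
2023-12-02T03:26:11 netflow src=10.20.4.12 dst=10.50.1.16 dport=445 action=deny
2023-12-02T03:30:00 netflow src=10.20.4.12 dst=10.20.4.40 dport=445 action=allow
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumed address range of the card-processing network segment (invented).
PAYMENT_SEGMENT = ip_network("10.50.0.0/16")
# Command fragments commonly associated with Windows persistence (illustrative list).
PERSISTENCE_MARKERS = ("schtasks /create", "sc create", "reg add", "\\currentversion\\run")


def parse_logs(text):
    """Parse the key=value log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, source, rest = m.groups()
        fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
        fields["ts"] = datetime.fromisoformat(ts)
        fields["source"] = source
        events.append(fields)
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5), min_users=5):
    """Flag a source that fails against >= min_users distinct accounts within
    `window` and then logs in successfully: a stuffing/spraying run that ended
    in a valid credential, which is the event worth paging on."""
    alerts = []
    fails = defaultdict(list)  # src -> [(timestamp, user)]
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["source"] != "auth":
            continue
        src = ev["src"]
        if ev["result"] == "fail":
            fails[src].append((ev["ts"], ev["user"]))
        elif ev["result"] == "success":
            recent_users = {u for t, u in fails[src] if ev["ts"] - t <= window}
            if len(recent_users) >= min_users:
                alerts.append({"rule": "credential_stuffing_success", "src": src,
                               "user": ev["user"], "failed_accounts": len(recent_users)})
    return alerts


def detect_persistence(events):
    """Flag process launches whose command line matches a persistence marker."""
    alerts = []
    for ev in events:
        if ev["source"] != "process":
            continue
        cmd = ev.get("cmd", "")
        if any(marker in cmd.lower() for marker in PERSISTENCE_MARKERS):
            alerts.append({"rule": "persistence_attempt", "host": ev["host"],
                           "user": ev["user"], "cmd": cmd})
    return alerts


def detect_segment_crossing(events, protected=PAYMENT_SEGMENT):
    """Flag any flow into the protected segment from outside it. A denied flow
    means the segmentation control fired; it should be investigated, not ignored."""
    alerts = []
    for ev in events:
        if ev["source"] != "netflow":
            continue
        src, dst = ip_address(ev["src"]), ip_address(ev["dst"])
        if dst in protected and src not in protected:
            alerts.append({"rule": "cross_segment_to_payment", "src": str(src),
                           "dst": str(dst), "dport": ev["dport"], "action": ev["action"]})
    return alerts


def run_detections(text=SAMPLE_LOGS):
    """Run all three rules over the log text and return the combined alert list."""
    events = parse_logs(text)
    return (detect_credential_stuffing(events)
            + detect_persistence(events)
            + detect_segment_crossing(events))


if __name__ == "__main__":
    for alert in run_detections():
        print(alert)
```

Run directly, the script prints four alerts: one successful login from 203.0.113.7 after failures against five distinct accounts, one scheduled-task creation on ws-0412 under the account that was just taken over, and two denied SMB connections from a workstation subnet into the assumed payment segment. The second source (198.51.100.9) fails once and then succeeds, which is ordinary user behaviour and correctly produces nothing. In practice these rules would run against an authentication log, an EDR process feed, and firewall flow logs respectively, with thresholds tuned to the environment.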
