New Iranian Ransomware Revealed By Israeli Cybersecurity Firm

New strain dubbed ‘Pay2Key’ targeted more than a dozen Israeli companies a few weeks ago.

New Iranian ransomware revealed by Israeli cybersecurity firm - Photo By Fox News.

Fox News - Israeli cybersecurity company Check Point revealed Thursday a new type of ransomware that is traced back to Iran.

According to the report obtained by Fox News, the new, never-before-seen strain dubbed “Pay2Key” targeted more than a dozen Israeli companies a few weeks ago. The hackers gained access through the Remote Desktop Protocol (RDP) connections of employees who worked from home.

According to the investigation carried out at Check Point, four Israeli victims of the attacks have decided to pay the ransom, which enabled its experts to track the payment transfers between crypto wallets. The researchers followed the Bitcoin route and found out that they all ended up in an Iranian exchange named Excoino. The Excoino website requires an Iranian ID and other details only Iranian citizens could have.

According to Check Point’s manager of threat intelligence, Lotem Finkelstein, there’s a global surge in ransomware.

“Pay2Key is sophisticated and far more rapid compared to other ransomware strains,” he said. “The recent Pay2Key ransomware attacks indicate a new threat actor has joined the trend of targeted ransomware attacks.”

Finkelstein added that the actors implemented a rapid propagation mechanism, leaving significant parts of the victims’ network encrypted, along with a ransom note, threatening to leak stolen corporate data unless the ransom is paid. “So far, the Pay2Key threat actors have lived up to their threats. We strongly urge organizations to be cautious, as we expect their targeting to expand into other regions in the world,” he said.

The hackers also used a double-extortion method: they not only demanded money to remove the encryption caused by the ransomware but also demanded more money, threatening to leak the data they had obtained if it was not paid.

Earlier this week, Iranian cleric Rahim Mahdavipour said in a sermon that the Islamic Republic carried out at least two cyberattacks against Israel this year, the latest one successfully targeting Israel’s power plants. The sermon was delivered on Nov. 6 in Bojnurd, Iran, and was aired on Iranian Khorasan Shomali TV. It was translated into English by the Middle East Media Research Institute (MEMRI) and released Wednesday.

On Oct. 30, the Israel Electric Corporation confirmed that there was a power outage in many areas across the country but stressed it was not caused by a cyberattack. The Israeli cyber authority refused to comment.

These recent reports tie in with a few other suspected cyberattacks by both sides over the past year.

On Oct. 16, the Iranian government admitted that two government institutions were attacked, among them the electronic infrastructure of the country’s ports.

On May 9, the Bandar Abbas port terminal in the south of Iran was crippled and shipping traffic was suspended for days. According to a Washington Post report, Israel was behind the attack.

Iran targeted Israeli water infrastructure back in June 2020, and according to a Fox News report, the Iranians used American servers to launch their attacks.

Report By Fox News.

Institute of Capacity Building for Political Studies, ICBPS. All Rights Reserved. Follow us on Twitter: @ICBPS_En
