New Bitcoin Ransomware from Iran Encrypts Entire Networks in No Time

News
Thu, 11/12/2020 - 14:39
Alex Dovbnya
Iranian cybercriminals are demanding Bitcoin ransoms from Israeli companies
Cover image via stock.adobe.com

In its follow-up report published on Nov. 12, American-Israeli cybersecurity firm Check Point has tracked down the origin of Bitcoin ransomware that has successfully attacked numerous companies in Israel over the past few weeks.

In partnership with blockchain forensics firm WhiteStream, Check Point researchers have linked a series of ransoms to Iranian cryptocurrency exchange Excoino after scrutinizing wallet addresses left in ransomware notes.

[Image via research.checkpoint.com]

No trace of other ransomware strains

In late October, Israeli networks became the target of a sophisticated ransomware campaign dubbed "Pay2Key."

The attacks—which were not related to any previously known malware strains—were first covered in Check Point's security alert dated Nov. 6.

The ransomware is capable of encrypting the victim's computer within one hour. The bad actors have created an Onion website to leak the corporate data of non-paying companies:

So far, the non-paying victims of this double extortion attack are three Israeli companies, and by the time this report is published there might be more of them. The leaked data of each victim company was uploaded to a dedicated folder on the website, accompanied by a tailored message from the attackers.

Interestingly enough, whoever was behind the attack used an EOS logo on Keybase, but they most likely chose a random photo from Google Images.

[Image: EOS logo, via research.checkpoint.com]

Six-figure ransoms

The Check Point findings are not particularly surprising given the geopolitical tensions between the two countries. In 2020, the Iranian cyber force has carried out several attacks on the Israeli power grid.

The Pay2Key operators require their victims to pay relatively modest ransoms that range from 7 to 9 BTC ($112,000 to $114,000 at press time). So far, at least four companies have decided to comply with the hackers’ demands after their deposits were traced by blockchain sleuths.

As reported by U.Today, DarkSide hackers forced one corporation to pay over $1 mln before sending some of their proceeds to charities in a Robin Hood-like move.

About the author

Alex Dovbnya (aka AlexMorris) is a cryptocurrency expert, trader and journalist with extensive experience covering everything related to the burgeoning industry — from price analysis to Blockchain disruption. Alex has authored more than 1,000 stories for U.Today, CryptoComes and other fintech media outlets. He is particularly interested in the regulatory trends around the globe that are shaping the future of digital assets, and can be contacted at alex.dovbnya@u.today.