New Bitcoin Ransomware from Iran Encrypts Entire Networks in No Time

Iranian cybercriminals are demanding Bitcoin ransoms from Israeli companies


  • No trace of other ransomware strains
  • Six-figure ransoms

In its follow-up report published on Nov. 12, American-Israeli cybersecurity firm Check Point has tracked down the origin of Bitcoin ransomware that has successfully attacked numerous companies in Israel over the past few weeks.

In partnership with blockchain forensics firm WhiteStream, Check Point researchers have linked a series of ransoms to Iranian cryptocurrency exchange Excoino after scrutinizing wallet addresses left in ransomware notes.


Image by

No trace of other ransomware strains

In late October, Israeli networks became the target of a sophisticated ransomware campaign dubbed “Pay2Key.”

Read Also:   HKEX CEO ‘Disappointed’ that Ant Group’s $35B IPO Was Suspended

The attacks—which were not related to any previously known malware strains—were first covered in Check Point’s security alert dated Nov. 6.

The ransomware is capable of encrypting the victim’s computer within one hour. The bad actors have created an Onion website to leak the corporate data of non-paying companies:

So far, the non-paying victims of this double extortion attack are three Israeli companies, and by the time this report is published there might be more of them. The leaked data of each victim company was uploaded to a dedicated folder on the website, accompanied with a tailored message from the attackers.

Interestingly enough, whoever was behind the attack used an EOS logo on Keybase, but they most likely chose a random photo from Google Images.

Read Also:   ZM Stock Up 3%, High Demand for Zoom App Anticipated as New York Closes All Schools


Image by

Six-figure ransoms

The Check Point findings are not particularly surprising given the geopolitical tensions between the two countries. In 2020, the Iranian cyber force has carried out several attacks on the Israeli power grid.

The Pay2Key operators require their victims to pay relatively modest ransoms that range from 7 to 9 BTC ($112,000 to $114,000 at press time). So far, at least four companies have decided to comply with the hackers’ demands after their deposits were traced by blockchain sleuths.

As reported by U.Today, DarkSide hackers forced one corporation to pay over $1 mln before sending some of their proceeds to charities in a Robin Hood-like move.

Read Also:   Netflix Focuses on Content Localization to Drive Growth in APAC
Google Play

Source link

What do you think?


Leave a Reply



The truth about Bitcoin’s uncorrelated asset status

Bitcoin Showdown With Governments Could See It Banned—But Markets Don’t Care