Check Point unveiled a new ransomware virus whose traces lead to Iran
Posted on Nov 12, 2020 by Ifi Reporter - Dan Bielski
On Thursday, Check Point unveiled a new ransomware virus whose traces lead to Iran. The creators of the ransomware have succeeded in harming a number of Israeli companies, including a leading law firm and a high-tech gaming company. Materials from the affected companies were partly leaked to the darknet as part of the ransomware attack. The ransom demanded by the attackers was about 7-9 bitcoins (currently about $112,000). It is important to note that this ransomware is new and not the same one that recently hit the Tower Company or the Sapphire Company.
Check Point experts state that the intrusion into the companies was carried out through a mechanism for remotely connecting employees to the corporate network. Will be paid. " Check Point reported that in at least three cases, the hackers did leak information belonging to attacked organizations on the dark web.
According to an analysis conducted at Check Point Laboratories, four Israeli victims of Pay2Key decided to pay the ransom, which allowed investigators to track the transfers of funds between Bitcoin wallets. In collaboration with Whitestream, an Israeli blockchain intelligence company, the researchers followed the sequence of bitcoin transactions carried out by the attackers and found that they all end at an Iranian bitcoin exchange called Excoino. Tracking began with the bitcoin wallet addresses given to victims for transferring the required ransom, proceeded to an intermediate wallet, and eventually reached final wallets associated with the Iranian Excoino.
Excoino is an Iranian entity that provides secure cryptocurrency transaction services to Iranian citizens only. Registration requires the user to have a valid Iranian phone number and an Iranian identity card. The exchange also requires a copy of the identity card itself in order for the user to be eligible for money transfers. Based on this trail, Check Point investigators concluded that the attackers behind Pay2Key were most likely citizens of Iranian descent.