Pay2key Ransomware (from Check Point)
Iranian based Pay2Key hackers have claimed that the Israel Aerospace Industries is their latest victim. Israel Aerospace Industries has not confirmed that the claims are accurate.
Last month Check Point Software researchers revealed that the Pay2Key ransomware came from Iran. They did so by following the money, watching the bitcoin “wallets” into which ransom paid by some of the victims went.
The same wallets were reused for the ransom payments of different victims. The bitcoins were then transferred to an intermediate wallet and the to a final wallet address associated with a high activity cluster. Check Point used WalletExplorer service to help uncover the location of the final wallet. This led to Excoino which is an Iranian company that provides secure cryptocurrency transactions services for Iranian citizens.
–
Will you offer us a hand? Every gift, regardless of size, fuels our future.
Your critical contribution enables us to maintain our independence from shareholders or wealthy owners, allowing us to keep up reporting without bias. It means we can continue to make Jewish Business News available to everyone.
You can support us for as little as $1 via PayPal at [email protected].
Thank you.
1 Goal
2 try
3 Spacecraft
4 yearsIAI is proud to initiate #Beresheet2, Israel’s 2nd spacecraft to the moon. We will extend the boundaries of human knowledge and inspire generations of discovery.
To the moon and beyond!@TeamSpaceIL @PresidentRuvi @ILSpaceAgency @most_il pic.twitter.com/7JJZ6bRfvM
— Israel Aerospace Industries (@ILAerospaceIAI) December 16, 2020
Ransomware works by taking control of a victim’s computer or even the entire systems of a private organization through a type of computer virus. Thea attackers then extort a fee in exchange for returning control of the computers affected to their owners. The people behind Pay2Key have demanded in the past payments of more than $100,000 in Bitcoin in exchange for returning control of a victim’s systems.
The Pay2Key attacks date back to last June.
A Twitter account called “Winter is Coming (Pay2Key)” has been posting boasts from the hackers. It released the following taunts of IAI on Sunday:
“Knock Knock! Tonight is longer than longest night for @ILAerospaceIAI,”
“IAI might think they have the most protected network, but this should be backed with proof.”
“They thought they had the most protected network, the night will be longer than usual for the aerospace industry.”
“New logo appeared in #Pay2Key directory, check it out!”
One question you might be asking yourself right now is why Twitter has not banned this account.
Observers says that Israel should not be surprised by the recent hacking attacks against its businesses and government agencies. This is because Israel allegedly engaged in similar attacks against Iran in an attempt to thwart that country’s nuclear development program.
