Hackers Demand Bitcoin Ransom Following New Wave of Attacks

how to make a cryptocurrency 2

A group of researchers has located a new type of ransomware attack called Pay2Key executed against several Israeli and European companies. The perpetrators have requested the ransom to be paid with bitcoins, which the researchers have followed the funds to an Iranian cryptocurrency exchange.

A New Ransomware Attack On Israeli And European Firms

The updated research from the cybersecurity company CheckPoint reveals several that firms based in Israel have complained about being attacked in the past few weeks. They all reported that this ransomware had spread rapidly across their networks while leaving most parts encrypted along with a ransom note threatening to leak stolen corporate data unless the victim pays a demand.

Although the so-called Pay2Key attack was initially targeting Israeli companies only, new reports emerged claiming that at least a few European countries have fallen victims as well.

The research highlighted that some of the companies decided not to pay the ransom. The perpetrators stood true to their word and published their information online.

To do so, they created a new Onion website and inserted designated folders for each of the victims. So far, there have been three folders with firms’ details – all Israeli companies.

The Bitcoin Trace Imply Iranian Involvement

As mentioned above, the unknown attackers requested the demand to be paid in bitcoins. Each ransom note sent to the victims contained a Bitcoin address to which the victims need to send the funds. According to CheckPoint, at least four victims decided to pay.

As the transparent nature of the BTC blockchain stores all transactions, the researchers were able to follow the payments. They saw all transactions ending up on one address. From that point forward, the funds were redirected to a high activity wallet, which is typically associated with cryptocurrency exchanges.

Related  Ripple Price Analysis: XRP Loses Key Support, Is $0.20 In Sight?

Additionally, the researchers compared and verified that this final wallet belonged to an Iranian digital asset platform dubbed Excoino.

In case Excoino users want to withdraw funds, they need to provide a valid Iranian phone number, an ID/Melli code, and a copy of the ID. The exchange’s terms and conditions also read that the first transaction (or any suspicious transactions) will be reported to the Iranian Cyber Police (FATA) for further investigation.

Consequently, the researchers concluded that the owners of the final wallet could be Iranian citizens, “who most probably are behind the Pay2Key attack on Israeli companies last week.”

Previous articleCoinbase To Facilitate Bitcoin Payments For Select U.S. Passport Services
Having discovered about bitcoin and the blockchain in the early days, i now dedicate myself to teach the newcomers about how and why it works as well as how to trade it for a living.