As the US gets ready to impose sanctions on Iran, hackers in that country are working on ransomware to secure bitcoin, according to cybersecurity experts interviewed by The Wall Street Journal.
Accenture PLC’s cybersecurity intelligence group has followed five Iranian-built ransomware variations in the last two years. The hackers are hoping to secure payments in cryptocurrencies, according to Jim Guinn, who oversees the industrial cybersecurity business at Accenture.
Several clues link the ransomware to Iran. Samples include messages in Farsi that are connected to Iran-based computers.
A recent Accenture report noted the ransomware could be driven by Iranian government-supported parties, criminals, or both.
Ransomware has plagued both businesses and governments for years, having disabled payment systems at the San Francisco Municipal Transportation Agency, U.K. hospitals and cargo shipments. Government-supported hackers in some instances have obtained cryptocurrency payments from victims.
One variant of ransomware that iDefense discovered has been linked to Iran’s government, according to CrowdStrike Inc., another cybersecurity firm. The software, called Tyrant, was developed to discourage Iranian citizens from downloading software designed to discourage government snooping, CrowdStrike noted.
Palo Alto Networks Inc. and Symantec Corp. issued reports last month that described a pair of data-stealing operations connected to Iran.
Crypto Mining Linked To Iran
Crypto mining software, which robs computers of their processing power to mine cryptocurrencies, has also been linked to Iran.
Accenture cited crypto mining software, installed on Middle Eastern customer networks, that carried digital clues pointing to Iran.
Crypto mining software has created problems in gas and oil facilities in the Middle East, Guinn said. He estimated millions of dollars of compute cycles have been stolen in the last year.
Source » ccn