Pay2Key, an Iranian ransomware gang, has been active only since November but has already managed to wreak havoc on Israeli companies. The group has focused on ransom attacks and has hit at least 80 Israeli firms, according to Haaretz.

Recent days have seen reports of at least two serious cyber-attacks against Israeli companies.

The first targeted Israeli software firm Amital Data and some 40 of its clients, and the second was against Habana Labs, a processor producer working under Intel.

The two attacks are being attributed to the Iranian hacker group Pay2Key, which is targeting Israeli firms at a rapid and alarming pace.

New details of the attack, revealed by OP Innovate, show its scope was much wider than previously known.

Cyber intelligence research conducted by OP Innovate and published this Wednesday reveals that the Iranian hackers managed to break into more than 80 targets in the Israeli market.

OP Innovate CEO Omer Pinsker, who led the research, and Shay Pinsker are aiding a number of Israeli firms as part of their response teams.

This access leaves them especially well positioned to report on the attack and the attackers.

Sources within the company say they are trying, with the help of Israel’s cyber authority, to find and reach out to all the victims of the Iranian-attributed attack and even to warn other potential targets.

Researchers from Check Point say an Iran-based threat actor that has successfully attacked multiple Israeli companies could soon go global.

A rapidly proliferating new ransomware strain that over the past two weeks has already impacted multiple large companies in Israel and a few in Europe could soon pose a major threat to organizations all over the world.

Check Point Software Technologies, which published a report today about the new so-called Pay2Key ransomware strain, said it’s almost certainly of Iranian origin and capable of encrypting an entire network in an hour or less.

As with many other ransomware tools, the authors of Pay2Key have mainly been exploiting exposed Remote Desktop Protocol (RDP) services to infiltrate victim networks and then expand their presence. It’s possible they may be using other vectors as well.

Source » see.news