Iranian ransomware crew promises big bucks for US attacks
Briefly

A reemerged Iranian ransomware-as-a-service operation offers payments to cybercriminals for attacks on US and Israeli organizations. The updated Pay2Key malware incorporates capabilities from the Mimic ransomware. The operation, named Pay2Key.I2P, promises affiliates an 80% cut of the profits for successful attacks against Iran's enemies. The Morphisec threat research team analyzed the ransomware and identified similarities to the ELENOR-Corp Mimic variant. The group assures anonymity to its affiliates so they can continue operations without fear of repercussions, maintaining that there’s no true ceasefire in cyber engagement.
An Iranian ransomware-as-a-service operation with ties to a government-backed cyber crew has reemerged after a nearly five-year hiatus, and is offering would-be cybercriminals cash to infect organizations in the US and Israel.
The malware, an updated version of 2020's Pay2Key, previously linked to Tehran's Pioneer Kitten, now uses several of the Mimic ransomware's capabilities, according to the threat research team at Morphisec.
Read at Theregister