An Iranian-backed hacking group called Fox Kitten has been linked to a ransomware named Pay2Key that has been targeting organizations in Israel and Brazil.
According to experts, this ransomware is part of an ongoing digital confrontation between Israel and Iran, and its recent campaign has caused considerable damage to some of its victims.
- Since October this year, the Pay2Key attacks have served as a cover for the Iranian APT, whose actual aim was to steal valuable information from its victims.
- The group gained initial access through publicly exposed RDP to deploy its malware payloads, and it also exploited vulnerabilities in various VPN software.
- With its ability to spread the ransomware across an entire network within an hour, Pay2Key was used to create panic rather than to collect a ransom.
- The attackers also used a pivoting device as an outgoing communication proxy between the infected devices and the C2 servers, which helped them evade detection before encrypting all systems on the network.
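The pivoting-device pattern described above, in which many infected internal hosts funnel their C2 traffic through a single internal machine that alone talks to the outside, leaves a recognisable fan-in shape in network flow records. The following is an added detection example written for this summary; it is not code from eScan, the researchers, or the article. It assumes RFC 1918 ranges are "internal", uses a constructed set of flow records, and treats a threshold of five distinct internal sources as suspicious, all of which are assumptions to tune for a real environment.

```python
"""Flag a likely pivot/proxy host from flow records (constructed example).

Heuristic: an internal host that (a) receives connections from many distinct
internal hosts and (b) itself opens connections to external addresses is a
candidate "pivoting device" proxying C2 traffic for the rest of the network.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: internal address space is RFC 1918. Adjust for your network.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flows: (source, destination, destination port). Not real data.
SAMPLE_FLOWS = [
    ("10.0.1.11", "10.0.9.5", 443),        # workstations all talking to one internal host
    ("10.0.1.12", "10.0.9.5", 443),
    ("10.0.1.13", "10.0.9.5", 443),
    ("10.0.1.14", "10.0.9.5", 443),
    ("10.0.1.15", "10.0.9.5", 443),
    ("10.0.9.5", "203.0.113.77", 443),     # only that host reaches the outside (constructed C2)
    ("10.0.1.11", "10.0.2.20", 445),       # ordinary file-server traffic: fan-in, but no egress
    ("10.0.1.12", "10.0.2.20", 445),
    ("10.0.1.13", "10.0.2.20", 445),
    ("10.0.1.14", "10.0.2.20", 445),
    ("10.0.1.15", "10.0.2.20", 445),
    ("10.0.1.11", "198.51.100.9", 443),    # a workstation browsing directly: egress, but no fan-in
]


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_pivot_candidates(flows, min_internal_sources=5, allowlist=frozenset()):
    """Return internal hosts that show both internal fan-in and external egress.

    allowlist: hosts expected to behave this way (sanctioned proxies, gateways).
    Results are sorted by the number of distinct internal sources, descending.
    """
    inbound_sources = defaultdict(set)   # internal destination -> distinct internal sources
    external_dsts = defaultdict(set)     # internal source -> distinct external destinations
    for src, dst, _port in flows:
        src_int, dst_int = is_internal(src), is_internal(dst)
        if src_int and dst_int:
            inbound_sources[dst].add(src)
        elif src_int and not dst_int:
            external_dsts[src].add(dst)

    candidates = []
    for host, sources in inbound_sources.items():
        if host in allowlist:
            continue
        if len(sources) >= min_internal_sources and external_dsts.get(host):
            candidates.append({
                "host": host,
                "internal_sources": len(sources),
                "external_destinations": sorted(external_dsts[host]),
            })
    return sorted(candidates, key=lambda c: -c["internal_sources"])


if __name__ == "__main__":
    for c in find_pivot_candidates(SAMPLE_FLOWS):
        print(f"possible pivot {c['host']}: {c['internal_sources']} internal sources, "
              f"egress to {', '.join(c['external_destinations'])}")
```

On the constructed flows only 10.0.9.5 is reported: the file server 10.0.2.20 has the same fan-in but never talks externally, and the browsing workstation has egress but no fan-in. In practice the allowlist should carry every sanctioned proxy or gateway, and the threshold should be set from a baseline of normal fan-in on the network, otherwise legitimate infrastructure dominates the output.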
This new ransomware has been utilized in various cyberattacks within Israel and some European countries.
- Recently, hackers using Pay2Key leaked data allegedly stolen from Habana Labs during a cyberattack.
- A group of researchers disclosed the ransomware's activities against European firms, and several Israeli companies also fell victim to it during the same period.
Cybercriminals keep adopting new tactics to expand their operations. Our internal experts therefore recommend taking periodic backups of all important data, using strong passwords, enabling two-factor authentication for RDP servers, and using a reliable anti-malware solution to stay protected.
To read more, please check eScan Blog