Iranian malware demanding ransom in cryptocurrency is on the rise and will intensify further in the current geopolitical climate, according to a report published by the global management consulting firm Accenture on 7 August.
After two years of analysis, Accenture Security iDefense expects emerging trends in Iran's cyber threats to escalate as the country is forced into a defensive and economically restricted position in the wake of the American exit this spring from the Obama-era Iranian nuclear agreement.
With the United States poised to imminently reimpose harsh economic sanctions, Accenture warned that the ransomware it found "may have been created by government-backed actors or Iranian criminals, or both," according to the Wall Street Journal (WSJ).
Accenture has tracked five new types of ransomware, some of which demand payment in cryptocurrency, and its analysis traced them back to Iranian hackers based on samples containing fictitious messages and other clues pointing to Iranian information systems.
"WannaSmile", a variant of zCrypt that Accenture discovered in November 2017, demands a payment of 20 bitcoins (BTC) in its ransom demand and also advertises Iran-based payment processors and exchanges through which victims can acquire the cryptocurrency.
Another sample, "Black Ruby", has been programmed to spare computers with an Iranian IP address, but otherwise encrypts and scrambles the target files, as well as infecting the machine with a resource-hungry Monero (XMR) miner. The ransom for Black Ruby, discovered by Accenture in February 2018, is $650 in BTC.
The report states that the increased ransomware activity suggests that Iran-based actors are "financially motivated to turn to global organizations using ransomware and cryptocurrency miners for financial gains", although it notes that
"On the basis of current Iranian politics, the feud could not lead to a destructive or destructive cyber attack against the United States or European counterparts in the near future."
The Accenture report adds that the Iranian government could instead target its neighbors, such as Saudi Arabia, the United Arab Emirates, Bahrain and Israel, as they supported the US decision to withdraw from the nuclear agreement.
Jim Guinn, head of Accenture's cybersecurity business, told the WSJ that hidden cryptocurrency mining attacks, also known as cryptojacking, have already caused "significant problems in some gas and oil structures in the Middle East," estimating that "millions of dollars of computing cycles have been hijacked in the last 12 months and continue to be hijacked every day."
Amid the geopolitical repercussions, economic turbulence in Iran has seen some citizens turn to cryptocurrency in an attempt to protect their funds. In May, it was estimated that Iranians had taken $2.5 billion out of the country in cryptocurrency, despite the central bank's move to prohibit local financial institutions from dealing in cryptocurrency earlier this spring.