Cryptocurrency Crimes: Iranian Crypto Ransomware Likely To Escalate

A recent report published by the management consulting firm Accenture indicates that ransomware used by Iranian cybercriminals to demand payment in cryptocurrencies is set to escalate. The increase in such ransomware crimes is attributed to the continued pressure of the latest US sanctions against Iran.

The report also states that Iranian crypto-seeking criminals may not mount a cyber attack against Europe or the United States of America. Instead, they would focus on their immediate neighbors, Saudi Arabia and the United Arab Emirates, for their collusion with the United States' new president, Donald Trump, to impose new sanctions and to withdraw from the nuclear deal that had previously been in effect.

Five types of ransomware

Accenture has identified five types of ransomware, some of which are known to make staggering ransom demands in cryptocurrency. Its analysis traced the hackers to a specific geographical region, Iran. The sample ransom messages were written in Farsi, the local Iranian language, and other clues also indicated that the computer systems behind the ransomware demands were Iranian in origin.

The first of these was discovered in November 2017, when Accenture found a zCrypt variant. Called "WannaSmile," this ransomware demanded a payment of 20 bitcoins in a ransom note written in Farsi. The note also advertised payment processors and exchanges located in Iran where victims could acquire the cryptocurrency.

In February 2018, Accenture discovered another ransomware named "Black Ruby." This malware was programmed to exclude computers with IP addresses belonging to Iran. On all other computer systems it encrypted files and directed the infected machine to mine the cryptocurrency Monero (XMR). This malware demanded a ransom in bitcoin valued at $650.

In its analysis, the company found that the increase in ransomware activity by Iranian criminals indicated that they were financially motivated, pressuring global organizations in order to obtain cryptocurrency.

US exit from the accord

The report, published by Accenture Security iDefense, is the result of two years of analysis by the consulting firm. The company evaluated the pattern of cyber threats and identified that the emerging trends from Iran are set to intensify.

The firm's research attributes the expected escalation in threats from the West Asian country to the pressure exerted by the new economic policy, under which new sanctions would be imposed on the country by the US government. The US recently exited the earlier Iranian nuclear accord, forcing Iran into a defensive position with long-term economic impact.

Tough economic situations

According to the research firm, the reimposition of economic sanctions is a trigger point for ransomware demands and for attempts by Iran-based criminals to penetrate cybersecurity defenses across the world. The economic sanctions are expected to affect Iran's financial and economic status and would lead criminals to use crypto-ransomware for "financial gains."