Iranian Hackers are Developing Ransomware to Secure Bitcoin

Cybersecurity experts have come up with the warning that Iranian Hackers, in the face of the economic issues that the country is likely to face, have started developing ransomware that they would use to secure bitcoin. This warning has been delivered by cybersecurity experts who were interviewed by The Wall Street Journal.

The Wall Street Journal reports- “Iranian hackers are developing software attacks that render computer systems inoperable until a digital ransom is paid, a new report says, a threat that comes as the U.S. moves to reimpose tough economic sanctions on the country.”

The cybersecurity intelligence at Accenture PLC has been following, for the last two years, five ransomware variations developed in Iran. Jim Guinn, who is the Global Managing Director for Accenture’s Cybersecurity Practice in Energy, Utilities, Chemicals & Mining, points out that the hackers who are behind this ransomware are hoping to secure payments in cryptocurrencies.

The Accenture Mid-Year Threatscape Report also discusses this in detail and predicts an escalation of Iran-based cyber-threat activity. An Accenture press release (dated August 7, 2018), which discusses the Accenture Mid-Year Threatscape Report, states- “Although Iran is generally perceived as an emerging cyber power, new evidence shows Iran-based threat actors and state-sponsored groups are expanding their malicious activities and capabilities.” The release further says that “…analysis has identified the emergence of Iran-based ransomware, indicating that Iranian cybercrime actors are likely to target global organizations by using ransomware as well as cryptocurrency miners for financial gain.”

Several clues obtained during the probe link the ransomware to Iran. Reports say that these ransomware samples include messages in Farsi that are connected to computers based in Iran.

The web portal ccn.com reports- “Several clues link the ransomware to Iran. Samples include messages in Farsi that are connected to Iran based computers. A recent Accenture report noted the ransomware could be driven by Iranian government supported parties, criminals, or both.”

The ccn.com report also says- “One variant of ransomware that iDefense discovered has been linked to Iran’s government, according to CrowdStrike Inc., another cybersecurity firm. The software, called Tyrant, was developed to discourage Iranian citizens from downloading software designed to discourage government snooping, CrowdStrike noted…Palo Alto Networks Inc. and Symantec Corp. issued reports last month that described a pair of data stealing operations connected to Iran.”

It is reported that crypto mining software, which is used to steal computers’ processing power and use the same to mine cryptocurrencies, have also been linked to Iran. In its extensive report, ccn.com states- “Accenture cited crypto mining software installed on Middle Eastern customer networks equipped with digital clues to Iran. Crypto mining software has created problems in gas and oil facilities in the Middle East, Guinn (Jim Guinn) said. He estimated millions of dollars of compute cycles have been stolen in the last year.”

Iran, however, has claimed that it is not in any way involved in cyber attacks and states that on the contrary, it has always been a victim of hacking attacks.

Ccn.com, however, adds- “A cyber attack called Stuxnet initiated by the U.S. and Israel about a decade ago disabled uranium-enrichment centrifuges for Iran’s nuclear program. Iran has since focused on enhancing its own cyber capabilities, according to government officials and security researchers…Keith Alexander, chief executive of IronNet Cybersecurity Inc. and former director of the U.S. Cyber Command and the National Security Agency said crypto mining and theft is a way for cash-strapped countries to make fast profits.”