Hackers in Iran have reportedly developed malware programs that lock the files on users’ computers and then demand that a ransom be paid in cryptocurrency.
The users’ files and other programs on their computer remain inaccessible until the ransom is paid to the hackers. Notably, these attacks come at a time when the US-led economic sanctions on Iran are expected to be renewed in November.
Ransomware Focused On Obtaining Crypto
In the last two years Accenture’s iDefense cybersecurity-intelligence unit has discovered five different versions of the ransomware program, which it thinks have been created by Iranian hackers. Jim Guinn, head of Accenture’s global cybersecurity business for energy, said that it seems the ransomware programs are being used in an effort to acquire cryptocurrencies, particularly Bitcoin (BTC).
Moreover, Accenture says the malicious software programs it has found show strong signs of having been developed in Iran. Some versions of the ransomware have messages written in Farsi, Iran’s official language, Accenture’s intelligence group said.
There were also a number of other ransomware programs that the cybersecurity team found which were only designed to target users outside of Iran. If the program detected that a computer was located in Iran, then it did not lock the user’s system.
Hackers May Be Government-Backed
According to Accenture’s intelligence group, the ransomware may have been created by hackers working for Iran’s government or Iranian cybercriminals, or both. Guinn also revealed that Iranian hackers might have been responsible for installing crypto mining malware programs found on users’ computers in the Middle East.
Guinn further noted that crypto mining malware had been discovered on the computer systems of several oil and gas centres in the Middle East. Commenting on the severity of the problem, Guinn said his firm estimates that:
“millions of dollars of compute cycles have been hijacked over the past 12 months and continue to be hijacked every day.”
Cybersecurity Firms Spreading “False Advertisements”
Alireza Miryousefi, counselor and head of the press office at Iran’s United Nations mission, responded by alleging that:
“These claims come from private firms that have repeatedly embellished their capabilities and claimed spectacular findings in order to convince other private firms and foreign governments into buying their products.”
Miryousefi also referred to Accenture’s cybersecurity research and findings as a “poorly made—and false—advertisement.”
Meanwhile, the Iranian government has continued to deny that it has been involved in launching cyberattacks. The rogue state’s government officials claim that they are actually victims of hacking.
This may be true to some extent: a well-known cyberattack called Stuxnet was reportedly launched by the U.S. and Israeli governments in 2010 on Iran’s controversial nuclear facilities. The highly sophisticated attack effectively disabled Iran’s uranium-enrichment centrifuges - believed to be a key part of its nuclear arsenal.