Ransomware Targeting Windows Users in Iran…Beware!!!

Ransomware

Are you in Iran? Do you use the Windows operating system? If so, beware! There’s a Ransomware on the prowl that could target your system and the data therein…

Tyrant- that’s the name of the ransomware that has targeted Iranian computers running on Microsoft Windows OS. It’s Iran’s official CERTCC (Computer Emergency Response Team Coordination Center), affiliated with the Ministry of Communications and Information Technology, which has reported the attack. The range of the attack, the number of systems infected is not yet clear.

As we know, a ransomware, when it infects a system, takes control of the system, encrypts and blocks access to all the files therein or blocks access to the system/network itself. The files are decrypted and access is given only when a ransom is paid, in digital currency.

As per reports, the Tyrant ransomware has made its entry disguised mostly as Psiphon, a locally popular VPN program. Users are thus easily duped into letting the ransomware into their systems, not knowing that it’s not the genuine Psiphon, but a ransomware in disguise. Once the Tyrant ransomware infects the system and encrypts all data, a message in Persian is displayed informing the users of the infection and that their files and data are now encrypted. There would also be intimation about payment to be made to get the files/data unencrypted, failing which they would be eliminated.

Financial Tribune, the Iranian economic daily, reports- “Iran CERTCC has reported that in most cases the ransomware has been disguised as Psiphon, a locally popular VPN program. Once the software is on a victim’s computer, the hackers can launch an attack that locks all files it can find within a network. This tends to be a gradual process with files being encrypted one after another. After encrypting the user’s data, cybercriminals often demand payment in return for unlocking the files. This is normally in the form of online cryptocurrencies that are not traceable. Iran CERTCC has reported that after being hit by the attack, users receive a message in Persian, which reads as follows, “You have been infected by Tyrant ransomware. All the files and data stored on this device have been encrypted.” After seeing the message, users will have 24 hours to pay $15 to the hackers in the form of WebMoney, an online cryptocurrency. The message also includes instructions in Persian about using the electronic money. In case users do not comply with the hackers’ demands, the files will be eliminated.”

More than half of the popular antivirus programs have reportedly failed to detect the Tyrant ransomware. The attack, as per cyber experts, is in its first phase and it could continue, eventually infecting and locking thousands of computers.

The Financial Tribune report says- “Professionals believe that this is the first phase of an attack and in the coming days, thousands of computers will be infected by the ransomware. Most computers in Iran run on unauthenticated operating systems and users seldom install antivirus programs on their devices and even when they do, the programs are not updated.”

Related Blog:

https://hackercombat.com/ransomware-that-demand-naked-pictures-and-not-money/

https://hackercombat.com/a-new-locky-ransomware-variant-with-20-million-attacks-in-one-day/

https://hackercombat.com/double-trouble-as-campaign-with-two-ransomware-goes-global/

Julia Sowells950 Posts

Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.

0 Comments

Leave a Comment

Login

Welcome! Login in to your account

Remember me Lost your password?

Don't have account. Register

Lost Password
Register