Iran-nexus ransomware gang Pay2Key has reportedly targeted a U.S. healthcare organization with a more destructive and covert ransomware payload in an attack late last month, reports The Record, a news site by cybersecurity firm Recorded Future.
According to a joint analysis from Beazley Security and the Halcyon Ransomware Research Center, the attackers compromised one of the organization's administrative accounts and then waited several days before launching the ransomware and encrypting systems; once encryption was complete, they deleted activity and event logs to cover their tracks. Pay2Key activity has escalated in the wake of the U.S.-Iran military conflict, and Halcyon Ransomware Research Center Senior Vice President Cynthia Kaiser warned that other organizations across the U.S. may already have been hit by Iranian intrusions that have not yet been made public. "Some attacks may have more limited impact, and so there isn't going to be as much publicity around that, but you have to assume that Iran is looking for targets, seeking out what they can do. And my assumption is that it's a combination of wiper attacks, ransomware attacks, and attempting to target critical infrastructure through unpatched vulnerabilities," said Kaiser.
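The post-encryption log deletion described above is the detail a defender can act on: on Windows, clearing an event log itself leaves a record (Security event ID 1102 "The audit log was cleared", and System event ID 104 from Microsoft-Windows-Eventlog for other channels), and if logs are forwarded to a collector in near real time the clear-events survive on the collector even when the local logs are gone. The following detector is an added example, not code from the article or from Beazley Security or Halcyon; the JSON field names, hostnames and account names in the sample records are constructed for illustration, and only the event IDs are documented Windows values.

```python
import json
from dataclasses import dataclass
from typing import Iterable

# Well-known Windows event IDs written when an event log is cleared. These are
# documented Windows behaviour, not details taken from the article.
#   Security channel, ID 1102: "The audit log was cleared" (Microsoft-Windows-Security-Auditing)
#   System channel,   ID 104:  "The <name> log file was cleared" (Microsoft-Windows-Eventlog)
LOG_CLEARED_RULES = {
    ("Security", 1102): "Security audit log cleared",
    ("System", 104): "Event log channel cleared",
}


@dataclass(frozen=True)
class Finding:
    timestamp: str
    host: str
    channel: str        # channel the clear-event was written to
    cleared: str        # channel that was wiped
    subject: str        # account that performed the clear
    description: str


def load_events(jsonl: str) -> list[dict]:
    """Parse newline-delimited JSON event records, skipping blank lines."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def detect_log_clearing(events: Iterable[dict]) -> list[Finding]:
    """Return one Finding per log-clearing event, in input order."""
    findings = []
    for ev in events:
        description = LOG_CLEARED_RULES.get((ev.get("Channel"), ev.get("EventID")))
        if description is None:
            continue
        # 1102 always refers to the Security log; 104 names the wiped channel in its data.
        cleared = "Security" if ev["EventID"] == 1102 else ev.get("ClearedChannel", "unknown")
        findings.append(Finding(
            timestamp=ev.get("TimeCreated", ""),
            host=ev.get("Computer", ""),
            channel=ev["Channel"],
            cleared=cleared,
            subject=ev.get("SubjectUserName", "unknown"),
            description=description,
        ))
    return findings


def hosts_with_cleared_logs(findings: Iterable[Finding]) -> set[str]:
    """Hosts that need forensic attention: any host where a log was wiped."""
    return {f.host for f in findings}


# Constructed sample records (hypothetical field layout as emitted by a typical
# log forwarder; hostnames, accounts and timestamps are invented for the example).
SAMPLE_EVENTS = """
{"TimeCreated": "2025-06-27T02:11:09Z", "Computer": "hv-01.example.test", "Channel": "Security", "EventID": 4624, "SubjectUserName": "svc-backup"}
{"TimeCreated": "2025-06-30T23:58:40Z", "Computer": "hv-01.example.test", "Channel": "Security", "EventID": 1102, "SubjectUserName": "itadmin"}
{"TimeCreated": "2025-06-30T23:58:41Z", "Computer": "hv-01.example.test", "Channel": "System", "EventID": 104, "SubjectUserName": "itadmin", "ClearedChannel": "Microsoft-Windows-PowerShell/Operational"}
{"TimeCreated": "2025-06-30T23:59:02Z", "Computer": "fs-02.example.test", "Channel": "System", "EventID": 7036, "SubjectUserName": "SYSTEM"}
"""


if __name__ == "__main__":
    for f in detect_log_clearing(load_events(SAMPLE_EVENTS)):
        print(f"{f.timestamp} {f.host} {f.subject}: {f.description} ({f.cleared})")
```

Run against the constructed records, the detector flags the two clear-events on hv-01 and attributes both to the same administrative account, which is exactly the signal worth alerting on: a legitimate administrator rarely clears logs, and almost never clears two channels one second apart. The detection only works if the records reach the collector before the local copy is destroyed, so it belongs on a forwarding pipeline rather than on the endpoint alone.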