Hackers in Iran, potentially government-backed, are turning to ransomware and Bitcoin as the country’s economy falters due to sanctions.
Ransomware is a scourge that affects governments and private businesses alike. Government systems in the UK suffered such attacks, and even hotels have paid hackers to get their computers up and running. Such attacks are growing in number in the Middle East, and cybersecurity experts are pointing to hackers in Iran as the source of the problem.
Iran Facing Sanctions
The economy of Iran has been tremendously hurt in the past by sanctions levied by the United States. Another round of sanctions is being levied under President Trump, and it may be that the government of Iran is turning to cryptocurrency gained via ransomware to bolster its coffers.
Cybersecurity experts at Accenture say they have followed the digital trail of five new kinds of ransomware back to Iran. The researchers point to the fact that such ransomware contains messages in Farsi and that there are links to computers based in Iran. Another smoking gun is that the ransomware is designed not to shut down Iranian computer systems.
Another interesting tidbit is that Iranian hackers are not confining their nefarious actions to ransomware. They’re also engaging in cryptojacking by installing cryptocurrency mining software on targeted computers.
One industry in the Middle East that has been hit hard by illicit mining malware is the oil and gas industry. Researchers estimate that “millions of dollars of compute cycles have been hijacked over the past 12 months and continue to be hijacked every day.”
Iranian Government Denies Responsibility
Accenture says that the hackers could be backed by the Iranian government. They also say that the hackers could just be criminals, or that there could be a combination of the two. Iran would not be the first country to resort to hacking and cryptocurrency to gain funds. North Korea is notorious for attacking cryptocurrency exchanges, especially those in South Korea.
The Iranian government denies that it is hacking anybody. It points out that it was the victim of a cyber attack when the United States and Israel disabled uranium enrichment centrifuges that were part of the Iranian government’s nuclear program.
As for the cryptojacking attacks on the gas and oil industry, the Iranian government denies its involvement in that too. The head of the press office at the country’s United Nations delegation, Alireza Miryousefi, says:
These claims come from private firms that have repeatedly embellished their capabilities and claimed spectacular findings in order to convince other private firms and foreign governments into buying their products. This simply is a poorly made—and false—advertisement.
However, it would make sense for Iran to target other Middle Eastern countries and their oil and gas industries. A full 82 percent of Iran’s exports are oil and natural gas, so anything that drives up the price of fuel is a good thing for the country.