Accenture, the global management consulting firm, published a report on August 7 about Iranian malware that demands ransom in cryptocurrencies. According to the report, the malware is spreading fast and will expand further given current geopolitical conditions.
The two-year analysis conducted by Accenture warns of the grave impending threats Iranian malware poses owing to the U.S. exit from the nuclear agreement signed during Obama’s presidential term. The Middle Eastern country will be facing a dire financial and economic situation.
The economic sanctions re-imposed by the United States could result in Iranians attacking the U.S. and other countries using ransomware. It has been speculated that the ransomware found by Accenture “could have been created by government-backed actors or Iranian criminals, or both,” as reported by the Wall Street Journal.
Apparently, the management consulting firm has narrowed the malware down to five strains. The ransomware discovered demands hefty payments in cryptocurrencies and carries messages written in Farsi. All five point back to Iran as their origin, a few even giving out exact Iranian addresses.
Samples include “WannaSmile” and “Black Ruby”, which demand 20 Bitcoin (BTC) and 680 Bitcoin respectively. WannaSmile is a zCrypt variant that asks for ransom through a Farsi note and also suggests various Iranian digital exchanges through which victims can arrange the ransom cryptocurrency. Black Ruby has been programmed to exempt Iranian IP addresses. Otherwise, it encrypts the files and infects the system with a resource-hungry Monero (XMR) miner.
The report says that Iranian actors are using the cryptocurrency ransomware solely for financial benefit. However, it also notes, “Based on current Iranian policy, the feud may not lead to any disruptive or destructive cyberattack against the United States or European counterparts in the near future.”
The current geopolitical restraints have seen many Iranian citizens turn to cryptojacking as they battle the poor economic conditions in the country. Iranians have reportedly diverted $2.5 billion out of the country using cryptocurrency. This is being seen as a calculated move after the country’s central bank imposed a ban on any crypto-related transactions.