Pay2Key

Malware updated a month ago (2024-11-29T14:09:49.181Z)
Download STIX
Preview STIX
Pay2Key is a type of malware, specifically ransomware, that was used by likely Iranian threat groups to disrupt services at Israeli companies in early 2021. This malware can infiltrate systems through suspicious downloads, emails, or websites and has the potential to steal personal information, disrupt operations, or hold data hostage for ransom. However, the FBI has assessed that the primary objective of Pay2Key was not to obtain ransom payments but rather as an information operation aimed at undermining the security of Israel-based cyber infrastructure. The software is cataloged under MITRE ATT&CK® as S0556. The use of Pay2Key began around December 2020, with a notable attack on the Israeli shipping and logistics sector. It was part of a wave of politically and ideologically motivated attacks against Israeli organizations, which also involved other threat groups such as BlackShadow and MosesStaff. Similar to other malicious campaigns like North Korea's WCry (also known as WannaCry) for financial gain, Russia's IRON VIKING using NotPetya for its destructive capabilities, Pay2Key, along with N3tw0rm, was used by the Iranian COBALT FOXGLOVE threat group as a destructive wiper against entities in Israel. In terms of technical details, Pay2Key operates by generating a pair of RSA keys and sending the public key to the server over raw TCP. At the end of the encryption process, it also terminates the MS SQL service using the command "net stop mssqlserver > nul" in order to release files locked by the service. These recent Pay2Key ransomware attacks indicate a new trend of targeted ransomware attacks, designed to maximize damage and minimize exposure. As of now, investigations into these attacks are ongoing.
Description last updated: 2024-08-28T15:17:28.317Z
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Pay2Key Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more