Several well-known organizations and large corporations in Israel have recently been breached and had their systems encrypted by a previously unknown ransomware called Pay2Key. The attacks were first observed towards the end of October. A report published by the Israeli cyber security firm Check Point states that most of the attacks were carried out around midnight, when few IT staff are at work.
Researchers say the attackers had breached each victim's network some time before the attack itself, but once they had a foothold they moved quickly, spreading the ransomware across the entire network within about an hour. Once that stage is complete, the gang begins encrypting files.
The initial entry point for all of the Pay2Key attacks is believed to have been weakly secured Remote Desktop Protocol (RDP) services. Once encryption is complete, the Pay2Key group usually demands a payment of 7-9 bitcoins (roughly $110K-$140K) in a ransom note left on the compromised systems. To avoid detection, the operators set up a pivot point on the local network that proxies all of their communications, so that only that one machine has to talk to the outside world.
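The two operational details above, RDP password guessing as the way in and a single internal pivot host proxying the group's traffic, are both things a SOC can look for. The following script is an added example written for this page, not code from Check Point or from the Pay2Key report: it runs two simple detections over constructed Windows Security events and constructed connection records. The thresholds, the internal address range, the IP addresses and the hosts are all assumptions chosen for illustration.

```python
"""Added example (not from the Pay2Key report): two detections for the
tradecraft described above, run over constructed sample data.

1. RDP password guessing that ends in a success: several 4625 events
   (failed logon, LogonType 10 = RemoteInteractive, i.e. RDP) from one
   source IP, followed by a 4624 success from the same IP within a window.
2. A local pivot/proxy host: one internal machine that many other internal
   hosts connect to on one port, and which alone holds an outbound connection.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RDP_LOGON_TYPE = "10"           # LogonType 10 = RemoteInteractive (RDP)
FAIL_THRESHOLD = 5              # assumed tuning value: failures before a success
WINDOW = timedelta(minutes=10)  # assumed tuning value: look-back from the success
PIVOT_FAN_IN = 4                # assumed tuning value: distinct internal clients
INTERNAL_PREFIX = "10.0."       # assumed: the site's internal address range

# Constructed Windows Security events (field names mirror the real log):
# (TimeCreated, EventID, LogonType, IpAddress, TargetUserName)
SECURITY_EVENTS = [
    ("2020-11-01T00:01:10", "4625", "10", "203.0.113.7", "administrator"),
    ("2020-11-01T00:01:25", "4625", "10", "203.0.113.7", "admin"),
    ("2020-11-01T00:01:40", "4625", "10", "203.0.113.7", "backup"),
    ("2020-11-01T00:02:05", "4625", "10", "203.0.113.7", "jsmith"),
    ("2020-11-01T00:02:30", "4625", "10", "203.0.113.7", "jsmith"),
    ("2020-11-01T00:03:10", "4624", "10", "203.0.113.7", "jsmith"),   # success after 5 failures
    ("2020-11-01T00:02:00", "4625", "10", "198.51.100.9", "admin"),   # one-off failure
    ("2020-11-01T08:00:00", "4624", "10", "198.51.100.9", "admin"),   # success, failure too old
    ("2020-11-01T09:15:00", "4624", "2", "-", "jsmith"),              # console logon, not RDP
]

# Constructed connection records (src_ip, dst_ip, dst_port), as a firewall
# or NetFlow export would give them:
FLOWS = [
    ("10.0.1.21", "10.0.1.50", 4443), ("10.0.1.22", "10.0.1.50", 4443),
    ("10.0.1.23", "10.0.1.50", 4443), ("10.0.1.24", "10.0.1.50", 4443),
    ("10.0.1.25", "10.0.1.50", 4443),
    ("10.0.1.50", "203.0.113.200", 443),   # only the pivot talks to the outside
    ("10.0.1.21", "10.0.1.10", 445), ("10.0.1.22", "10.0.1.10", 445),
    ("10.0.1.23", "10.0.1.10", 445), ("10.0.1.24", "10.0.1.10", 445),  # file server, no outbound
]


def _ts(s):
    return datetime.fromisoformat(s)


def detect_rdp_guessing_success(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return (src_ip, user, failures) for every RDP success whose source IP
    produced at least `threshold` RDP failures within `window` before it."""
    alerts = []
    ordered = sorted(events, key=lambda e: e[0])
    for i, (t, eid, ltype, ip, user) in enumerate(ordered):
        if eid != "4624" or ltype != RDP_LOGON_TYPE:
            continue
        t_ok = _ts(t)
        fails = sum(
            1 for (t2, eid2, ltype2, ip2, _) in ordered[:i]
            if eid2 == "4625" and ltype2 == RDP_LOGON_TYPE and ip2 == ip
            and t_ok - window <= _ts(t2) <= t_ok
        )
        if fails >= threshold:
            alerts.append((ip, user, fails))
    return alerts


def detect_pivot_hosts(flows, fan_in=PIVOT_FAN_IN, internal=INTERNAL_PREFIX):
    """Return (pivot_ip, port, client_count) for internal hosts that receive
    connections from >= `fan_in` distinct internal clients on one port and
    themselves connect to an external address, while none of those clients do."""
    clients = defaultdict(set)   # (dst, port) -> internal sources seen
    talks_out = set()            # internal hosts with any external destination
    for src, dst, port in flows:
        if src.startswith(internal) and dst.startswith(internal):
            clients[(dst, port)].add(src)
        elif src.startswith(internal):
            talks_out.add(src)
    pivots = []
    for (dst, port), srcs in clients.items():
        if len(srcs) >= fan_in and dst in talks_out and not (srcs & talks_out):
            pivots.append((dst, port, len(srcs)))
    return pivots


if __name__ == "__main__":
    for ip, user, n in detect_rdp_guessing_success(SECURITY_EVENTS):
        print(f"RDP guessing succeeded: {ip} -> {user} after {n} failures")
    for ip, port, n in detect_pivot_hosts(FLOWS):
        print(f"possible local pivot/proxy: {ip}:{port} fed by {n} internal hosts, talks outbound")
```

On the constructed data the first detection flags only 203.0.113.7 (five RDP failures followed by a success within ten minutes), and the second flags only 10.0.1.50 on port 4443: the file server 10.0.1.10 has the same fan-in but never connects outbound, so it is not reported. In a real deployment the thresholds, the window and the internal range need tuning, and the pivot heuristic is most useful when restricted to ports that are not normal server traffic.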
Although the investigation is still ongoing, these recent Pay2Key attacks represent a new threat to major organizations and a reminder to minimize their exposure, above all of remote access services such as RDP, in order to avoid a breach.