Several Israeli companies attacked by Pay2Key ransomware


Several large companies in Israel reported at once that their computer networks had been compromised and infected with the new Pay2Key ransomware.
It looks like the hackers launched an organized attack on Israeli companies in late October. At first the number of compromises was small, but the number of affected companies continues to grow.

“The number of reports of attacks related to the Pay2Key virus is growing every day,” said representatives of the cybersecurity company Check Point.

According to computer security experts, the attackers get in through a vulnerable RDP connection around midnight. Night attacks are much easier, as far fewer IT professionals are on duty at the victim company. After gaining access to an infected computer, the attackers use the psexec command to launch copies of the virus on all accessible computers on the local network. It takes the hackers only an hour to infect the infrastructure.
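The pattern described above (an off-hours RDP logon followed by PsExec spreading to many machines within an hour) can be hunted for in Windows logs. The following is an added detection example, not code from the article or from Check Point. It assumes events normalized into dicts, with a `src` field on service installs enriched by the log pipeline, and the night window and host threshold are assumed tuning values.

```python
from datetime import datetime, timedelta

NIGHT_START, NIGHT_END = 22, 5   # assumed off-hours window (local time)
FANOUT_HOSTS = 3                 # assumed threshold of distinct PsExec targets
WINDOW = timedelta(hours=1)      # the article's "an hour" to spread

# Constructed sample events (not real data). 4624 with logon_type 10 is an RDP
# logon; 7045 is a service install, and PSEXESVC is PsExec's default service name.
# "src" on 7045 is an assumed enrichment naming the host that ran PsExec.
EVENTS = [
    {"ts": "2020-11-01T14:05:00", "id": 4624, "logon_type": 10, "host": "WS-07", "src": "10.0.0.5"},
    {"ts": "2020-11-01T14:10:00", "id": 7045, "service": "PSEXESVC", "host": "WS-08", "src": "WS-07"},
    {"ts": "2020-11-02T00:12:00", "id": 4624, "logon_type": 10, "host": "SRV-RDP", "src": "203.0.113.9"},
    {"ts": "2020-11-02T00:20:00", "id": 7045, "service": "PSEXESVC", "host": "FS-01", "src": "SRV-RDP"},
    {"ts": "2020-11-02T00:31:00", "id": 7045, "service": "PSEXESVC", "host": "DC-01", "src": "SRV-RDP"},
    {"ts": "2020-11-02T00:48:00", "id": 7045, "service": "PSEXESVC", "host": "DB-02", "src": "SRV-RDP"},
    {"ts": "2020-11-02T01:30:00", "id": 7045, "service": "PSEXESVC", "host": "WS-11", "src": "SRV-RDP"},
]

def is_night(t):
    """True when the timestamp falls inside the off-hours window."""
    return t.hour >= NIGHT_START or t.hour < NIGHT_END

def detect_fanout(events):
    """Alert on an off-hours RDP logon to a host that then installs PsExec
    services on at least FANOUT_HOSTS distinct machines within WINDOW."""
    evs = sorted(({**e, "t": datetime.fromisoformat(e["ts"])} for e in events),
                 key=lambda e: e["t"])
    alerts = []
    for rdp in evs:
        if rdp["id"] != 4624 or rdp.get("logon_type") != 10 or not is_night(rdp["t"]):
            continue
        targets = sorted({
            e["host"] for e in evs
            if e["id"] == 7045
            and e.get("service", "").upper() == "PSEXESVC"
            and e.get("src") == rdp["host"]
            and rdp["t"] <= e["t"] <= rdp["t"] + WINDOW
        })
        if len(targets) >= FANOUT_HOSTS:
            alerts.append({"pivot": rdp["host"], "rdp_from": rdp["src"],
                           "rdp_time": rdp["ts"], "targets": targets})
    return alerts

if __name__ == "__main__":
    for alert in detect_fanout(EVENTS):
        print(alert)
```

The daytime admin use of PsExec from WS-07 does not alert, and the 01:30 install falls outside the one-hour window, so it is not counted among the targets.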

Once the files on the company’s servers and computers have been encrypted, the hackers leave a file demanding a ransom in bitcoins for decryption. They usually ask for 7 to 9 BTC, that is, $110,000–$140,000 at the current exchange rate.

Check Point specialists emphasized that the Pay2Key virus was created from scratch, and that its file encryption scheme, which uses the AES and RSA algorithms, makes it impossible to create a mass free decryptor. It is not yet known who created the virus or why only Israeli companies are among the victims.

Also on November 7, attacks by the Ragnar Locker ransomware virus on Capcom and the liquor manufacturer Campari Group were recorded.