Iran Pays $Mulitmillion Ransom To Protect Its Banks

Uploaded on 2024-09-20 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Iran, GOVERNMENT-National, FREE TO VIEW

A massive cyber attack that hit Iran recently threatened the stability of its banking system and forced the country's regime to agree to a ransom deal of millions of dollars, according to official sources. Analysis say this attack becomes one of the largest breaches that the country has faced in its cyber history.

A group known as IRLeaks, which has a history of hacking Iranian companies, was likely behind the breach, the officials said. 

The hackers are said to have initially threatened to sell the data they collected, which included the personal account and credit card data of millions of Iranians, on the Dark Web unless they received $10 million in crypto-currency, but later settled on a smaller sum.  

Iran’s highly centralised religious regime is understood to have pushed for the ransom to be paid, fearing that word of the data theft would destabilise the country’s weak financial system, which is under intense strain amid the international sanctions the country faces.

Iran has not acknowledged the breach, which forced banks to shut down cash machines across the country in August.Though the attack was reported at the time by Iran International, an opposition news outlet, neither the suspected hackers nor the ransom demands were disclosed.  Iran’s supreme leader, Ayatollah Ali Khamenei, delivered a cryptic message in the wake of the attack, blaming the US and Israel for “spreading fear among our people,” without acknowledging the country’s banks were under assault. 

“The enemy’s goal is to spread psychological warfare to push us into political and economic retreat and achieve its objectives,” the Ayatollah said.

That accusation seemed plausible given the broader tensions between Israel, the US and Iran. While Tehran blames Israel for the recent assassination of a senior Hamas leader in Iran, Washington accuses Iran of trying to influence the US election by hacking into Donald Trump’s campaign operation. 

Online extortion in Iran is nothing new.  In December, IRLeaks claimed to have stolen the customer data of nearly two dozen Iranian insurance companies, and of hacking into Snapp Food, a delivery service. Though the companies agreed to pay ransom to IRLeaks, it was far less than the group received from the banking hack.

IRleaks entered the banks’ servers via a company called Tosan, which provides data and other digital services to Iran’s financial sector. Using Tosan as a Trojan horse, the hackers appear to have exfiltratd data from both private banks and Iran’s central bank. Of Iran’s 29 active credit institutions, as many as 20 were hit, said the officials, who requested anonymity in order to reveal sensitive information. Among the affected banks were the Bank of Industry and Mines, Mehr Interest-Free Bank, Post Bank of Iran, Iran Zamin Bank, Sarmayeh Bank, Iran-Venezuela Bi-National Bank, Bank Day, Bank-e Shahr, Eghtesad Novin Bank, and Saman, which also has branches in Italy and Germany.

The government ultimately insisted that Tosan to pay the IRLeaks ransom, a personal familiar with the events said.  What isn’t clear is whether the hackers used Tosan to hit other targets in Iran. The firm has a wide customer base, including government entities beyond the central bank.

Iran’s financial sector has long been the country’s Achilles heel and its banks are undercapitalised and overburdened with  by loans they are forced to make to the government, which counts as the sector’s biggest borrower. In February, Iran’s central bank chief said that eight of the country’s banks were facing severe difficulties and would either be merged or dissolved.

 Iranian citizens have little choice but to continue to keep their money in their local banks and rely on them to handle their daily transactions in cash, and  with an inflation rate of nearly 40 percent, Iranians have shown little appetite for  digital payments.

The banking system’s overall fragility leaves individual lenders exposed to sudden bank runs. That danger might explain why the regime refused to publicly acknowledge the attack and pressured Tosan to pay the hackers.

AAAwsat   |    Iran International  |    Politico   |   Scope24   |   Cybersecurity-Insiders    |   Niksun / LinkedIn

Image: Ideogram

You Might Also Read: 

Combatting Zero-Day Exploits In Financial Services:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

« US Healthcare Firm Loses 22GB of Data

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Apcon

Apcon

Apcon's mission is to provide valuable network insights that enable security and network professionals to monitor, secure and protect their data in both physical and virtual environments.

CERT-UG/CC

CERT-UG/CC

CERT-UG/CC is the national Computer Emergency Response Team for Uganda, operating under the National Information Technology Authority (NITA-U)

Ahope

Ahope

Ahope is a mobile security solution provider in Korea with a long history of security solution development.

Ellipsis Technologies

Ellipsis Technologies

Ellipsis Technologies is a diversified technology company that develops innovative security software for websites and online applications.

SoftLock

SoftLock

Softlock is a regional leader in Information Security providing solutions, consulting, integration and testing services to protect information assets, identities and supporting infrastructure.

Phew

Phew

Phew are New Zealand cyber security specialists with expertise and experience forged in global financial markets, IT&T, management consulting and SME business management.

Swiss Cyber Think Tank (SCTT)

Swiss Cyber Think Tank (SCTT)

The Swiss Cyber Think Tank is a business network for Cyber Risk & Insurability, providing an industry-wide networking platform for insurers, technology and security firms.

Seekurity

Seekurity

Seekurity is an information security consulting firm specialized in all areas of Cyber Security including Penetration Testing, Vulnerability Assessments and Risk Management.

Cybersecurity Collaboration Forum

Cybersecurity Collaboration Forum

The mission of the Cybersecurity Collaboration Forum is to foster information security communication and idea sharing across the C-Suite, enabling leaders to better protect their enterprises.

Brighterion

Brighterion

Brighterion solutions stop payment and acquirer fraud, reduce credit risk and delinquency, fight financial crime, prevent healthcare fraud, waste and abuse, and more.

Ankura Consulting Group

Ankura Consulting Group

Ankura is a global expert services and advisory firm that delivers services and end-to-end solutions in a wide range of areas including cybersecurity and digital transformation.

Aceiss

Aceiss

Aceiss empowers access security, providing unprecedented visibility and insights into user access.

SMARTEST

SMARTEST

SMARTEST is a world-class IT solutions provider active in the most challenging and demanding industries such as the oil and gas industries.

Cybernatics

Cybernatics

Cybernatics is inspired by bringing together best-in-class innovations around Cybersecurity and Analytics. We offer tailored enterprise solutions to safeguard your organisations best interests.

Centre for Cyber Security Research & Innovation

Centre for Cyber Security Research & Innovation

The Centre for Cyber Security Research & Innovation is Nepal's First Academic Research Institute to focus on understanding the overall Information Security of Nepalese Organizations.

TrustMe

TrustMe

TrustMe’s integrated platform for business trust and resilience keeps organizations safe, secure, and trustworthy.