Iran Pays $Mulitmillion Ransom To Protect Its Banks

A massive cyber attack that hit Iran recently threatened the stability of its banking system and forced the country's regime to agree to a ransom deal of millions of dollars, according to official sources. Analysis say this attack becomes one of the largest breaches that the country has faced in its cyber history.

A group known as IRLeaks, which has a history of hacking Iranian companies, was likely behind the breach, the officials said. 

The hackers are said to have initially threatened to sell the data they collected, which included the personal account and credit card data of millions of Iranians, on the Dark Web unless they received $10 million in crypto-currency, but later settled on a smaller sum.  

Iran’s highly centralised religious regime is understood to have pushed for the ransom to be paid, fearing that word of the data theft would destabilise the country’s weak financial system, which is under intense strain amid the international sanctions the country faces.

Iran has not acknowledged the breach, which forced banks to shut down cash machines across the country in August.Though the attack was reported at the time by Iran International, an opposition news outlet, neither the suspected hackers nor the ransom demands were disclosed.  Iran’s supreme leader, Ayatollah Ali Khamenei, delivered a cryptic message in the wake of the attack, blaming the US and Israel for “spreading fear among our people,” without acknowledging the country’s banks were under assault. 

“The enemy’s goal is to spread psychological warfare to push us into political and economic retreat and achieve its objectives,” the Ayatollah said.

That accusation seemed plausible given the broader tensions between Israel, the US and Iran. While Tehran blames Israel for the recent assassination of a senior Hamas leader in Iran, Washington accuses Iran of trying to influence the US election by hacking into Donald Trump’s campaign operation. 

Online extortion in Iran is nothing new.  In December, IRLeaks claimed to have stolen the customer data of nearly two dozen Iranian insurance companies, and of hacking into Snapp Food, a delivery service. Though the companies agreed to pay ransom to IRLeaks, it was far less than the group received from the banking hack.

IRleaks entered the banks’ servers via a company called Tosan, which provides data and other digital services to Iran’s financial sector. Using Tosan as a Trojan horse, the hackers appear to have exfiltratd data from both private banks and Iran’s central bank. Of Iran’s 29 active credit institutions, as many as 20 were hit, said the officials, who requested anonymity in order to reveal sensitive information. Among the affected banks were the Bank of Industry and Mines, Mehr Interest-Free Bank, Post Bank of Iran, Iran Zamin Bank, Sarmayeh Bank, Iran-Venezuela Bi-National Bank, Bank Day, Bank-e Shahr, Eghtesad Novin Bank, and Saman, which also has branches in Italy and Germany.

The government ultimately insisted that Tosan to pay the IRLeaks ransom, a personal familiar with the events said.  What isn’t clear is whether the hackers used Tosan to hit other targets in Iran. The firm has a wide customer base, including government entities beyond the central bank.

Iran’s financial sector has long been the country’s Achilles heel and its banks are undercapitalised and overburdened with  by loans they are forced to make to the government, which counts as the sector’s biggest borrower. In February, Iran’s central bank chief said that eight of the country’s banks were facing severe difficulties and would either be merged or dissolved.

 Iranian citizens have little choice but to continue to keep their money in their local banks and rely on them to handle their daily transactions in cash, and  with an inflation rate of nearly 40 percent, Iranians have shown little appetite for  digital payments.

The banking system’s overall fragility leaves individual lenders exposed to sudden bank runs. That danger might explain why the regime refused to publicly acknowledge the attack and pressured Tosan to pay the hackers.

AAAwsat   |    Iran International  |    Politico   |   Scope24   |   Cybersecurity-Insiders    |   Niksun / LinkedIn

Image: Ideogram

You Might Also Read: 

Combatting Zero-Day Exploits In Financial Services:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

 

« US Healthcare Firm Loses 22GB of Data
New Exploits & Examples Of Online Fraud »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cellebrite

Cellebrite

Cellebrite delivers comprehensive solutions for mobile data forensics and mobile lifecycle management.

Sandline Discovery

Sandline Discovery

Sandline Discovery provides digital forensics, eDiscovery solutions, managed review and litigation consulting services.

Phosphorous Cybersecurity

Phosphorous Cybersecurity

Phosphorus has fully automated remediation of the two biggest IoT vulnerabilities, out of date firmware and default credentials.

Beryllium InfoSec Collaborative

Beryllium InfoSec Collaborative

Beryllium InfoSec Collaborative is an information security and cyber security company with 40-plus years of experience across industry & government.

EvoNexus

EvoNexus

EvoNexus is a technology startup incubator with locations in San Diego, Orange County, and Silicon Valley.

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange is an intellectual hub and community of researchers with the common goal of advancing academic and industrial efforts in the science and engineering of quantum information.

ThreatX

ThreatX

ThreatX provides complete web application & API protection to address expanding app footprints and complex attacks.

Traced

Traced

At Traced, our aim is to redefine mobile cyber security to provide the best possible protection to everyone against breaches of privacy and security.

Atakama

Atakama

With Atakama, data remains encrypted until the very moment it is used, and the ability to decrypt is based on zero trust architecture.

FourthRev

FourthRev

FourthRev is an education-technology start-up with a mission to solve the skills crisis of the Fourth Industrial Revolution.

Chartered Institute of Information Security (CIISec)

Chartered Institute of Information Security (CIISec)

CIISec is dedicated to helping individuals and organisations develop capability and competency in cyber security.

Cloud Seguro

Cloud Seguro

Cloud Seguro are leaders in the development of cloud solutions, Ethical Hacking, Privacy and Information Security.

Control D

Control D

Control D is a modern and customizable DNS service that blocks threats, unwanted content and ads - on all devices.

Togggle

Togggle

Togggle offers seamless identity verification solutions and distributed infrastructure, enabling organizations to combat fraud and ensure compliance with data protection regulations.

Aurascape AI

Aurascape AI

Aurascape is working on advanced cybersecurity solutions powered by grounds-up generative AI architecture.

Internet Watch Foundation (IWF)

Internet Watch Foundation (IWF)

Since the early days of the internet, our job has been to help child victims of sexual abuse by hunting down and removing any online record of the abuse.