As the US gets ready to impose sanctions on Iran, hackers in that country are working on ransomware to secure bitcoin, according to cybersecurity experts interviewed by The Wall Street Journal.
Accenture PLC’s cybersecurity intelligence group has followed five Iranian built ransomware variations in the last two years. The hackers are hoping to secure payments in cryptocurrencies, according to Jim Guinn, who oversees the industrial cybersecurity business at Accenture.
Several clues link the ransomware to Iran. Samples include messages in Farsi that are connected to Iran based computers.
A recent Accenture report noted the ransomware could be driven by Iranian government supported parties, criminals, or both.
Ransomware has plagued both businesses and governments for years, having disabled payment systems at the San Francisco Municipal Transportation Agency, U.K hospitals and cargo shipments. Government supported hackers in some instances have obtained cryptocurrency payments from victims.
One variant of ransomware that iDefense discovered has been linked to Iran’s government, according to CrowdStrike Inc., another cybersecurity firm. The software, called Tyrant, was developed to discourage Iranian citizens from downloading software designed to discourage government snooping, CrowdStrike noted.
Palo Alto Networks Inc. and Symantec Corp. issued reports last month that described a pair of data stealing operations connected to Iran.
Crypto Mining Linked To Iran
Crypto mining software, which robs computers of their processing power to mine cryptocurrencies, has also been linked to Iran.
Accenture cited crypto mining software installed on Middle Eastern customer networks equipped with digital clues to Iran.
Crypto mining software has created problems in gas and oil facilities in the Middle East, Guinn said. He estimated millions of dollars of compute cycles have been stolen in the last year.
Iran Denies Culpability
Iran has claimed it has not been involved in cyber attacks, and that it has been a hacking victim.
A cyber attack called Stuxnet initiated by the U.S. and Israel about a decade ago disabled uranium-enrichment centrifuges for Iran’s nuclear program.
Iran has since focused on enhancing its own cyber capabilities, according to government officials and security researchers.
Keith Alexander, chief executive of IronNet Cybersecurity Inc. and former director of the U.S. Cyber Command and the National Security Agency said crypto mining and theft is a way for cash-strapped countries to make fast profits.
Guinn said hackers have also stolen intellectual property.