According to the cybersecurity experts interviewed by The Wall Street Journal, the Iranian hackers are working on a ransomware to secure bitcoin. This might be how they would retaliate after the US imposes sanctions on the country.
Accenture PLC’s cybersecurity intelligence group followed five Iranian built ransomware variations in the last two years. And according to Jim Guinn, who oversees the industrial cybersecurity business at Accenture, these hackers are hoping to secure payments in cryptocurrencies.
These ransomware are linked to Iran because the messages are in Farsi and are connected to Iran based computers. The Accenture report also notes that these ransomware could very well be driven by the Iranian government itself who might be supporting other allied parties, criminals, or both.
This isn’t the first time that a ransomware has been linked to Iran.
Another Ransomware Linked to Iran
CrowdStrike Inc., another cybersecurity firm discovered a ransomware linked to Iran’s government. The software is called Tyrant. It was developed primarily to block the Iranian citizens from downloading any software that was designed to discourage the government from snooping around.
And this is just the tip of the iceberg, there have been tons of reports from different cybersecurity firms around the world like Palo Alto Networks, Symantec Corp., etc. that have issued reports that several data stealing operations, ransomware, etc. that have been connected to Iran.
Not Just Ransomware, Crypto Mining As Well
Crypto mining software is a type of software that uses your processing power to mine cryptocurrencies. This is similar to what happened in China that affected more than 2 million computers. A crypto mining software has also been linked to Iran, although it is not as widespread as the Chinese attack.
But the middle east has been having a huge issue because of crypto mining software linked to Iran. Many gas and oil facilities in the middle east have lost millions of dollars worth of compute cycles in the last year.
This definitely looks like the workings of a way to delegitimize the entire cryptocurrency industry by hacking computers, and also to make sure that the Iranian citizens to not start transacting in cryptocurrency.
However, Iran denies any knowledge of these attacks. The country claimed that it has not been involved in any cyber attacks. In fact, it claims that they themselves have been the victim of these attacks.
So how did we reach this situation?
This is a great moment to look back to 2008 when the U.S. and Israel launched Stuxnet, a cyberattack that disabled uranium-enrichment centrifuges for Iran’s nuclear program. Since that attack, Iran has been heavily focusing on enhancing its own cyber capabilities, one of those things include the ability to do a lot of damage outside their border.
According to Keith Alexander, chief executive of IronNet Cybersecurity Inc. and former director of the U.S. Cyber Command and the National Security Agency said that these crypto mining attacks are a way for the cash-strapped countries to make fast profits.
And it does make sense because then with that cash they could fund their other, more deadly attacks. The question is, how are we going to defend ourselves?