Suspected Iranian Ransomware Group Targets Israeli Firms
Suspected Iranian hackers have reportedly hit multiple Israeli companies with ransomware, in a new campaign of attacks.
A group describing itself as ‘N3tw0rm’ (Networm) on Sunday added the logo of H&M Israel to their naming and shaming website, just three days after another local firm, Veritas Logistics, was hit.
Networm is threatening to publish 110GB of data stolen from the fashion retailer and 9GB from transport firm Veritas, including information on customers, invoices, employees and possibly payment data, according to Haaretz.
The group reportedly demanded 3 Bitcoin ($168,000) from Veritas Logistics to delete the data.
A local cybersecurity firm that Haaretz spoke to claimed it was providing incident response for three Israeli companies that had recently been hit by ransomware. There are suspicions an unnamed non-profit may also have been targeted in the ongoing campaign.
The Networm group has been linked to ‘Pay2Key’ — an Iranian cyber-attack group that hit scores of Israeli firms at the end of last year in what some commentators described as an ideological rather than financially motivated operation.
If that’s true, the attackers have no intention of releasing the stolen information but instead want to undermine the status of Israel as a pre-eminent cyber power, the report claimed.
In fact, it’s not uncommon for ransomware threat actors to hold onto some or all of the data they’ve stolen. A Sophos report out last week claimed that although a third (32%) of victim organizations now elect to pay, only 8% got all their data back last year and 29% didn’t manage to grab more than half of what they lost.