The Iran Computer Emergency Response Team Coordination Center (Iran CERTCC) has issued a security alert about a ransomware distribution campaign currently active in the country.
The alert warns users about Tyrant ransomware, a strain spotted by G Data security researcher Karsten Hahn last Monday, October 16.
According to Iran CERTCC, miscreants have spread versions of the Psiphon VPN app laced with Tyrant and are now trying to extort infected users for money.
Victims have 24 hours to pay the equivalent of $15. Tyrant distribution specifically targets Iran, as the ransom note is only available in Farsi and the ransomware uses two local payment processors — exchanging.ir and webmoney724.ir.
The Tyrant ransom note also features two contact methods, the email address rastakhiz@protonmail.com and Telegram username @Ttyperns.
The person behind this attack might not be aware that a cyber-espionage hacking group linked to the Iranian government — codenamed Rocket Kittens — used a vulnerability to uncover and map out Telegram IDs to users' phone numbers back in the summer of 2016.
Tyrant ransomware part of the DUMB family
....