Ransomware: more and more attacks with Pay2Key

A new ransomware threat has recently appeared. Dubbed Pay2Key, it seems so far to have targeted mainly companies based in Israel, though it is not clear why. Check Point Software researchers report this today, citing an ever-increasing number of reports.

Pay2Key is the ransomware threat of the moment

The attacker's modus operandi is the same as always: compromise the computer systems, lock the devices and block access to the data, then demand a ransom in cryptocurrency from anyone who wants it back. According to what has been leaked, the amount demanded varies from 7 to 9 BTC; converted from Bitcoin, that is about 90,000-120,000 euros.

Congratulations! Your entire network and all your information such as computers, employee data, user folders, servers, files, applications, databases etc. in the network have been successfully encrypted! Some of your important information has been downloaded and is ready to be released in case you don't want to accept a good deal!

Pay2Key first appeared in late October. It usually strikes after midnight, when companies tend to have fewer technical staff available to act quickly on the problem. The breach of the affected systems is believed to occur by exploiting a weakness in the Remote Desktop Protocol.

The data is encrypted with the AES and RSA algorithms, and at the moment there are no tools available to restore access to the content without giving in to the extortion. According to the analyses conducted so far, the ransomware code appears to have been written from scratch (it was identified by the code name Cobalt during the development phase), without relying on the code of other ransomware already in circulation or documented.

Source: Check Point Software
