Iranian Ransomware Programs Take Cybersecurity Experts by Surprise

Ransomware encrypts files on a victim’s computer. The perpetrator then demands ransom payments in exchange for decrypting the files and sometimes also threatens to leak the victim’s data. (Reuters)
Ransomware encrypts files on a victim’s computer. The perpetrator then demands ransom payments in exchange for decrypting the files and sometimes also threatens to leak the victim’s data. (Reuters)
TT
20

Iranian Ransomware Programs Take Cybersecurity Experts by Surprise

Ransomware encrypts files on a victim’s computer. The perpetrator then demands ransom payments in exchange for decrypting the files and sometimes also threatens to leak the victim’s data. (Reuters)
Ransomware encrypts files on a victim’s computer. The perpetrator then demands ransom payments in exchange for decrypting the files and sometimes also threatens to leak the victim’s data. (Reuters)

Iranian hackers have recently launched cyberattacks against vital institutions and facilities in the United States, raising the concern of law enforcement authorities in the country.

These attacks are added to various others launched by several parties against the US.

With much attention this year on Russian ransomware attacks against the US, the Iranian threat may come as a surprise, said a report by the Foreign Policy magazine, adding that Iranian ransomware groups were quietly emerging as a global force to be reckoned with elsewhere in the world.

On November, the US, Britain and Australia issued a joint warning that Iranian actors have conducted ransomware attacks against US targets and gained access to a wide range of critical infrastructure networks, including the children’s hospital, that would enable more attacks, the report read.

Experts in the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Center (ACSC) and the United Kingdom’s National Cyber Security Center (NCSC) found out that an ongoing malicious cyber activity by an advanced persistent threat (APT) group is associated with the government of Iran.

Ransomware encrypts files on a victim’s computer. The perpetrator then demands ransom payments in exchange for decrypting the files and sometimes also threatens to leak the victim’s data.

“The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple US critical infrastructure sectors,” the experts warned.

While Iranian ransomware may be relatively unfamiliar to Americans, it has been a part of everyday life in Israel for more than a year, the US magazine noted.

“Iranian actors have targeted almost every sector of Israel’s economy and society.”

The report pointed out that Iran’s successful use of ransomware against Israel has likely emboldened it to expand its focus to the United States.

In September 2020, an Israeli cybersecurity firm first detected Iranian ransomware activity against unspecified “prominent Israeli organizations.”

Another hacking group, Black Shadow, believed to be linked to Iran, was accused of carrying out a major cyberattack in October targeting an Internet service provider in Israel.

The report warned that Iran’s ransomware campaign appears to be on the brink of global expansion.

In 2019, a report prepared by researchers at the US giant Microsoft Corporation said that Iranian hackers are working to infiltrate systems, companies and governments around the world, causing damages amounting to hundreds of millions of dollars.

Some believe these attacks may be part of Iran’s attempts not only to influence cybersecurity and its open conflict with its “rivals” but also to obtain foreign cash, especially the US dollar, to break the blockade imposed on it.



Starmer and Zelenskiy Meet in London, Agree Military Production Project

British Prime Minister Keir Starmer (C-L) and Ukrainian President Volodymyr Zelensky (C-R) meet with soldiers from the Operation Interflex at Downing Street, London, Britain, 23 June 2025. EPA/JASON ALDEN / POOL
British Prime Minister Keir Starmer (C-L) and Ukrainian President Volodymyr Zelensky (C-R) meet with soldiers from the Operation Interflex at Downing Street, London, Britain, 23 June 2025. EPA/JASON ALDEN / POOL
TT
20

Starmer and Zelenskiy Meet in London, Agree Military Production Project

British Prime Minister Keir Starmer (C-L) and Ukrainian President Volodymyr Zelensky (C-R) meet with soldiers from the Operation Interflex at Downing Street, London, Britain, 23 June 2025. EPA/JASON ALDEN / POOL
British Prime Minister Keir Starmer (C-L) and Ukrainian President Volodymyr Zelensky (C-R) meet with soldiers from the Operation Interflex at Downing Street, London, Britain, 23 June 2025. EPA/JASON ALDEN / POOL

Volodymyr Zelenskiy and British Prime Minister Keir Starmer announced a new defense co-production initiative on Monday during a short visit by the Ukrainian president to London to discuss his country's defense against Russia.

The two leaders announced the deal in the garden of Starmer's Downing Street residence, where they also met Ukrainian troops being trained in Britain.

"I'm really proud that this afternoon, we're able to announce an industrial military co-production agreement - the first of its kind so far as Ukraine and the UK are concerned - which will be a massive step forward now in the contribution that we can continue to make," Starmer said.

He did not provide further details on the agreement. Zelenskiy said it would help strengthen both nations.

Speaking alongside Starmer, the Ukrainian president thanked Britain for its support in the war against Russia, Reuters reported.

Zelenskiy had earlier met King Charles at Windsor Castle where the two shook hands for cameras on what was their third meeting this year and the latest gesture of Charles', and Britain's, support for Ukraine.

The Ukrainian leader also met the speakers of both houses of parliament.