Iran Pays Millions in Ransom to End Cyberattack on Banks

Iranians at a bank branch in Tehran (IRNA)
Iranians at a bank branch in Tehran (IRNA)
TT

Iran Pays Millions in Ransom to End Cyberattack on Banks

Iranians at a bank branch in Tehran (IRNA)
Iranians at a bank branch in Tehran (IRNA)

A massive cyberattack that hit Iran last month threatened the stability of its banking system and forced the country's regime to agree to a ransom deal of millions of dollars, POLITICO reported on Thursday.

The newspaper said an Iranian firm paid at least $3 million in ransom last month to stop an anonymous group of hackers from releasing individual account data from as many as 20 domestic banks in what appears to be the worst cyberattack the country has seen, quoting industry analysts and western officials briefed on the matter.

A group known as IRLeaks, which has a history of hacking Iranian companies, was likely behind the breach, the officials said.

The hackers are said to have initially threatened to sell the data they collected, which included the personal account and credit card data of millions of Iranians, on the dark web unless they received $10 million in cryptocurrency, but later settled on a smaller sum.

Iran’s authoritarian regime pushed for a deal, fearing that word of the data theft would destabilize the country’s already-wobbly financial system, which is under intense strain amid the international sanctions the country faces, the officials said.

Iran never acknowledged the mid-August breach, which forced banks to shut down cash machines across the country.

IRleaks entered the banks’ servers via a company called Tosan, which provides data and other digital services to Iran’s financial sector, the officials said.

Using Tosan, the hackers appear to have siphoned data from both private banks and Iran’s central bank. Of Iran’s 29 active credit institutions, as many as 20 were hit, including the Bank of Industry and Mines and the Post Bank of Iran.

Though the attack was reported at the time by Iran International, an opposition news outlet, neither the suspected hackers nor the ransom demands were disclosed.

Iran’s supreme leader delivered a cryptic message in the wake of the attack, blaming the US and Israel for “spreading fear among our people,” without acknowledging the country’s banks were under assault.

Despite the growing tensions between Iran and both the US and Israel, people familiar with the Iranian banking hack told POLITICO that IRLeaks is affiliated with neither the US nor Israel.



WHO Chief Back to Work after Being Discharged from Hospital

FILE PHOTO: Director-General of the World Health Organisation (WHO) Dr. Tedros Adhanom Ghebreyesus attends the World Health Assembly at the United Nations in Geneva, Switzerland, May 27, 2024. REUTERS/Denis Balibouse/File Photo
FILE PHOTO: Director-General of the World Health Organisation (WHO) Dr. Tedros Adhanom Ghebreyesus attends the World Health Assembly at the United Nations in Geneva, Switzerland, May 27, 2024. REUTERS/Denis Balibouse/File Photo
TT

WHO Chief Back to Work after Being Discharged from Hospital

FILE PHOTO: Director-General of the World Health Organisation (WHO) Dr. Tedros Adhanom Ghebreyesus attends the World Health Assembly at the United Nations in Geneva, Switzerland, May 27, 2024. REUTERS/Denis Balibouse/File Photo
FILE PHOTO: Director-General of the World Health Organisation (WHO) Dr. Tedros Adhanom Ghebreyesus attends the World Health Assembly at the United Nations in Geneva, Switzerland, May 27, 2024. REUTERS/Denis Balibouse/File Photo

The head of the World Health Organization said on social media platform X on Thursday he had been discharged from a hospital in Rio de Janeiro after being admitted overnight.

"I felt unwell yesterday afternoon and was admitted to Samaritano Barra Hospital in Rio, but I was discharged this morning and am back to work," said Tedros Adhanom Ghebreyesus.

Tedros, 59, suffers from hypertension. He was in Rio de Janeiro for the G20 summit where he met with US President Joe Biden and other leaders, advocating for strengthened global cooperation in health emergencies.

Local newspaper O Globo had reported earlier on Thursday that Tedros sought medical attention at the facility with "symptoms of labyrinthitis and an hypertensive crisis," after showing signs of being unwell.

According to the report, Tedros was examined on Monday by health professionals on duty at the G20 summit and given medicine for high blood pressure, but was released once he was stable.