New ransomware strong candidate? Beware of Pay-to-Key

Many major organisations have infiltrated in the last two weeks… One hour is the time it takes to encrypt the network.

Saturday, November 14, 2020, 11:53  GMT

It seems like those with sophisticated technologies are behind it The probability of becoming a hacker in Iran is strong right now…

Several big corporations have already been challenged in Israel which Europe, and will soon be a multinational threat. A research on the latest Pay2Key ransomware has been published by security firm Check Point.

Pay-to-Key ransomware, as most other ransomware in the past, exploits the Remote Desktop Protocol (RDP) service, according to this study, to penetrate the target network and travel horizontally, optimizing intrusion harm. It also seems to have other types of infiltration that are extremely likely.

First, Pay2Key sets up a computer or proxy that can become a base after it successfully infiltrates the network of the victim. And via this system, it interacts with Pay-to-Key C&C servers. Thanks to the technique of only one computer connecting with an external server, it is said that identification before encryption can be avoided in several circumstances. To transfer it horizontally and to plant Pay-to-Key on different networks, pay-to-key operators use a utility named psexec.

Pay-to-Key ransomware steals files before encrypting them, like the new ransomware. This is to show that the victim is not in line with the negotiation. Pay-to-Key operators appear to call for 7 to 9 bitcoin victims, which is usually between $113,000 to $145,000. To date at least four impacted companies claim to have paid money to get their records back, and since they did not at least three of them have sustained harm from knowledge leakage.

Attackers are currently setting up websites based on Tor to reveal details. Not only is the material tossed out it is organized and disclosed in a folder format containing comprehensive information about the affected entity. The casualties included law firms and gaming companies, according to Checkpoint. Interestingly, there is a distinction because as soon as they broke the deadline, law firms began to reveal details, and game firms offered them a second chance. It is not yet understood the explanation for this.

It is also not yet clear whether businesses who have made profits have successfully retrieved their details. Checkpoint wrote, “I think Pay-to-Key attackers’ hacking methods are very sophisticated,” and far greater than the standard of ordinary ransomware attackers.” He also claimed, “It is extremely probable that it is an enterprise that has never been identified.” The reason Checkpoint thinks this is that in only a few days, Pay2Key targeted a variety of major organisations simultaneously, and succeeded.
Meanwhile the Bitcoin wallet to which the victims sent their money was also traced by Checkpoint. As a result, the trade was discovered to have taken place on the Excoino Iranian crypto-currency platform. It is understood that Excoino is an exchange that can be used only by Iranian people. This is because to make a trade, Iran’s resident identification number must be entered.

The fact that Pay2Ki has been targeting Israeli firms intensively to date also indicates that Iranian hackers might be behind the scenes. Of course, since harm exists within European organisations, it is hard to affirm. It’s such a good organisation, and if you see that there are also threats in Europe, it’s likely to be extending its stage to the globe,” interprets Checkpoint.”


  1. Pay2Key emerges as the latest high-end ransomware.
  2. Borrowing a tactic of double threat to follow the new developments. Slightly below the selling price is the blackmail.
  3. It is possible the Iranian hackers will be behind the scenes.